Suze has asked for a quick rundown on VPNs. Firstly, I should point out that explaining detailed technical concepts to people with no grounding in the subject is tricky, and often requires weird analogies and trading off absolute accuracy for something that can be understood. With that out of the way, let's get started, shall we …
Regular internet traffic works like a stream of postcards going back and forth between computers very, very quickly. Each postcard needs to have a destination address written on it, so that the postal system knows where to send it, and usually a return address as well. The space on a postcard is very limited, so for any meaningful correspondence to happen, lots and lots of them need to be sent back and forth.
Also, postcards can be read by anyone in the postal system who handles them. But sometimes we want to send private correspondence that can only be read by the person we're sending it to. In such cases, instead of sending a postcard, we write a letter and put it in a sealed envelope. This is why when you're logging into a website, the address bar will say "https://" at the start instead of regular "http://" (and usually show a little green padlock icon). The "s" at the end means your correspondence is "sealed" or "secure", and if everything is working right, it should be almost mathematically impossible for anyone but the intended recipient to unseal the envelope and read what's inside.
So, now we have a means of hiding the contents of our correspondence from prying eyes; however, any busy-body in the postal system can still look at the "to" and "from" addresses on our envelopes and see who it is we're writing to, as well as how much we write to them, at what time of day, and of course, how much they write back to us. This is what we call "metadata", which you may have heard a lot about recently. At this point in time, Australian ISPs are required to record the metadata of all their customers' correspondence and keep it for a minimum of two years.
So, what can we do if we don't want the postal system keeping a record of everyone we correspond with? Well, one thing we can do is rent out a private PO box with a VPN provider. Then, when we send a postcard or envelope, instead of putting our real return address on it, we put the address for our VPN box number. Then we put our postcard or envelope into a secondary envelope and mail that to the VPN provider. The VPN provider will open the secondary envelope and post whatever was inside. When the person we are corresponding with writes a reply, they'll address it to our private VPN box number. Our VPN provider will take that reply, stick it in a sealed envelope and send it back to us. In this way, all the postal system sees on our end is a constant stream of correspondence going back and forth between us and our VPN provider.
Of course, if anyone is able to see all the correspondence that goes between us and the VPN provider and all the correspondence that comes out of the VPN provider, they might be able to put two and two together and make an educated guess at which correspondence belongs to us. That's why it's a good idea to use a VPN endpoint (private PO box) located in a different country, and preferably one that doesn't require VPN services or ISPs to keep records.
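The postcard model from the last few paragraphs as a small Python simulation (an added example, not part of the original post): it shows what the postal system can write down with and without the VPN, and why someone watching both sides of the provider can still match envelopes by size. The addresses, byte counts and function names are all made up for illustration.

```python
from dataclasses import dataclass
from typing import Union

# Constructed documentation addresses (RFC 5737); none of these come from the post.
HOME, VPN, SITE_A, SITE_B = "192.0.2.10", "198.51.100.1", "203.0.113.5", "203.0.113.9"
HEADER = 20    # assumed bytes of addressing on every packet
OVERHEAD = 60  # assumed extra bytes the tunnel adds per packet

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    body: Union[bytes, "Packet"]
    sealed: bool = False  # True models encryption: an observer cannot read body

    @property
    def size(self) -> int:
        if isinstance(self.body, Packet):  # an envelope inside an envelope
            return HEADER + OVERHEAD + self.body.size
        return HEADER + len(self.body)

def tunnel(pkt: Packet) -> Packet:
    """Client: seal the whole packet in an outer envelope addressed to the VPN."""
    return Packet(HOME, VPN, pkt, sealed=True)

def vpn_exit(outer: Packet) -> Packet:
    """VPN: open the outer envelope and re-post the contents from its own address."""
    inner = outer.body
    return Packet(VPN, inner.dst, inner.body, inner.sealed)

def observe(pkt: Packet) -> dict:
    """Metadata (and any readable content) an on-path observer can record."""
    return {"from": pkt.src, "to": pkt.dst, "bytes": pkt.size,
            "content": None if pkt.sealed else pkt.body}

def scenarios() -> dict:
    sent = [Packet(HOME, SITE_A, b"GET /login", sealed=True),  # https: envelope
            Packet(HOME, SITE_B, b"GET /news")]                # http: postcard
    tunnelled = [tunnel(p) for p in sent]
    return {"isp_direct": [observe(p) for p in sent],
            "isp_vpn": [observe(p) for p in tunnelled],
            "beyond_vpn": [observe(vpn_exit(p)) for p in tunnelled]}

if __name__ == "__main__":
    for view, log in scenarios().items():
        print(view, *log, sep="\n  ")
```

In this model every tunnelled packet is exactly 80 bytes bigger than the one that leaves the VPN, which is the kind of pattern an observer on both sides could use to pair them up. The plain "http" postcard is also readable again once it leaves the provider.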
So, the question now is which VPN provider should you use and how do you set up your "VPN tunnel" once you've made a choice. Unfortunately, this isn't so easy to answer. Some VPN providers have little applications you can download and run if you're a non-techy who doesn't know how to configure a VPN manually. I used to hear really good things about TunnelBear.com, but I believe they block bittorrent traffic now, so I wouldn't recommend them. Nor would I recommend my current VPN, as I will probably be dropping them when my current subscription ends. I'll probably be using this list to pick a new one. I have heard one person say good things about PrivateInternetAccess.com, but I can't personally vouch for them.
I can tell you to stay away from HideMyAss.com. In court, they were somehow able to hand over months' worth of logs of their customers' data, even though they claimed they never recorded anything. Now, there's nothing to say that other VPN providers aren't doing the same, but once bitten, y'know.
Sorry if that was a lot of what you didn't need to know and not much of what you did. If you find something on that list that takes your fancy, I'll be happy to look them over and see if anything jumps out at me.
3 comments :
Actually that was very helpful.
I use Easynews.com - a usenet provider. I do not like the vulnerability associated with BitTorrent and do not use it (though there are programs such as PeerBlocker and PeerDefender which might help with that feeling of vulnerability).
Easynews has begun to provide a VPN service, which is why I was asking the question. It's only $3 per month on top of my existing service, so I thought it worth looking into. However, given the massive amounts of pr0n and other things on the servers - I'm unsure that anyone could actually pin anything specific on me (not without accessing my HDD) if I use the https:// protocols.
Anyway, they provide software, but there seem to be three choices for setup:
Windows 7 PPTP Setup
Windows 7 L2TP Setup
Windows 7 OpenVPN Setup
I use 64bit Win7 Pro, I think the software will bypass all this fuss, but their site does not make it clear. I guess I could just try subscribing, install the software and see what happens, but I don't want to be fussing too much for a limited (perceived) benefit.
Bittorrent is inherently insecure, because it's all postcards all the time, and everyone in the swarm can pretty much see everything that everyone else is doing. A VPN, however, will give you roughly equivalent security with bittorrent as you get with Usenet. Your VPN provider will see what you're doing, but everyone else in the swarm will see the VPN provider instead of you.
I took a look at EasyNet.com. The …
Windows 7 PPTP Setup
Windows 7 L2TP Setup
Windows 7 OpenVPN Setup
… stuff is all for manual VPN configuration. There's a separate page here with the software you need for an automatic setup.
Also, I forgot to say that you should stay away from free proxies and VPNs, unless they're some sort of limited trial thing that's trying to upsell you to a paid product. Completely free services are always scams of some sort (Of course, I'm talking about services here; not peer-to-peer community networks like Tor, I2P, FreeNet, etc; but they're a different kettle of fish altogether).