Virtual Private Networks and Anonymity


(Mark Edworthy) #1

With the on-going war between the rights of the public to conduct private communications on-line and the perceived need for governmental oversight and monitoring of Internet traffic, there is a growing need for users to implement secure and private infrastructures to protect their on-line communications, activities and information from third party scrutiny (monitored by governmental agencies, Internet service providers or third party organisations).

When a customer purchases a network contract through their Internet Service Provider (ISP), they are actually being provided with a leased connection to the Internet. The customer must abide by the contract and terms of service provided by the ISP. These agreements can contain rather ominous terms and conditions. If a person is connecting to the Internet by a third party connection (via a public network or a router that is provided by a friend, business or any other organisation), then they may be subjected to conditions that they are not aware of. These conditions could include: speed restrictions, limited data allowance, recording of data transmitted or logging of visited sites.

There is an old argument which states: if you have nothing to hide then you have nothing to fear. Consider the following: would it be acceptable for governmental agencies (or third party organisations) to monitor and dissect all postal, phone and face-to-face communication of all citizens (without the use of a legalised sectioned warrant)? Yet, that’s precisely what happens with our on-line activities.

Over the last several years, we have seen an increase in governmental legislation that has attempted to limit citizens’ speech. These laws can have vague and spurious definitions and wording contained within them (such as the usage of the vague term: “hate speech”). Also, with the advent of police monitoring of on-line activities, organisations such as ISPs, social media platforms and search engines (Twitter, Facebook, Google etc.) have implemented draconian policies and technologies to monitor, police conversations and control users’ on-line activities.

With the advent of on-line privacy concerns and the introduction of regulations including the Investigatory Powers Act in the UK (aka “snoopers’ charter”) and recent US legislation surrounding the abolishment of the Federal Communications Commission’s privacy rules (which allows providers to distribute user identifiable data to other organisations), the question that should be asked is how to secure the individual’s private communications and rights when using the Internet.

Various hardware, software and on-line solutions exist to protect Internet users from invasive snooping. Whilst some of these solutions are more effective than other tools, Virtual Private Networks (VPN) should be considered as an important tool for anybody that needs to protect their privacy and anonymity whilst being on-line.

VPN infrastructure / software generally comes in two types of implementations. The first implementation is usually used for peer to peer network communication (as an example, if an organisation has multiple buildings which need access to the same network services, then they would implement a secure tunnel over the Internet, which would allow these services to be securely provided in all physical locations).

The second implementation of a VPN masks the Internet Protocol (IP) address and geographical location from the resulting Internet service / site (masking the user’s IP and location from Google, Facebook, Twitter etc.). An IP address could be considered like a phone number or postal address, in which the connection from the user’s router is provided with a unique address (these IP addresses can change from time to time, although most ISPs will retain the IP addresses and connect them to their associated client’s account information for a certain period of time).

The latter implementation allows the user to connect to a VPN (or node), which masks their IP address and location from the resulting Internet site. The VPN may provide multiple nodes to further mask the location of the first node and the user’s details.

So, why use a VPN provider? There are a number of reasons why a user may want to use a VPN and due to spurious and vague legislation, there may be a need for the individual to further protect themselves not only from governmental and third party oversight but also to implement further security measures against black-hat hackers. In short, there are a number of compelling reasons to start using a VPN provider, some of these examples include:

Secure Messaging
For a long time, the preferred method of communication for most people was to use e-mail. However, on-line messaging and social media services have now become popular communication platforms (WhatsApp, Skype, Snapchat, Facebook, Twitter and Minds).

The problem is that not all of these services are encrypted, potentially allowing for messages to be intercepted and read by unauthorised third parties.

Using these messaging services through a VPN provides a higher level of security with the inherent encryption and keeps these conversations (for the most part) private.

Voice and Video over Internet Protocol
Voice over Internet Protocol (VoIP) and video calls (Skype, Viber and WeChat) are becoming more popular alternatives to traditional phone calls and can cost less than standard land-line / GSM / cell phone calls (especially if users want to communicate with friends, family or colleagues that live in another country).

However, the downside is that now instead of tapping into an individual’s line, VoIP calls can be acquired and analysed in bulk. By sending these calls through a VPN, these calls are encrypted and therefore require more advanced decryption skills to gain access to the conversation, making things much harder for any snoopers.

Avoiding Government Censorship
In some countries, the Internet is highly censored by oppressive governments which can hamper efforts to communicate outside of the regime and prevents access to various Internet services / sites.

If a person travels to one of these countries, they will be subject to the country’s on-line censorship, therefore a VPN could be a real necessity if wanting to access certain Internet services and sites.

Secure Public Wi-Fi
Free to access Wi-Fi hotspots / access points are becoming more common (many cafés, bars, libraries and governmental offices already provide Wi-Fi access points) and many organisations encourage individuals to access the Internet via the provided access point.

However, using public Wi-Fi can also be fraught with hazards. These include packet sniffers, falling into phishing scams via fake Wi-Fi connections and being hacked or infected with malware or viruses. A VPN with a modern encryption protocol can (for the most part) help to protect against these types of attacks.

On-Line Gaming
Using a VPN to play on-line games might initially seem like a poor idea. However, a VPN does offer some advantages (example: The anonymity aspect means that the user can further secure their account credentials).

Additionally, a VPN can be used to overcome certain geographical location blocking restrictions. As an example: an American can continue to play US based games whilst travelling overseas. Also, in some cases, using a VPN can offer faster connection speed and could be used to avoid throttling (which could result in connecting to gaming servers faster as opposed to connecting to these servers without a VPN).

A VPN can increase protection against Distributed Denial of Service (DDoS) attacks. Whilst these types of attacks are not common, gaming rivals with serious grudges could decide to attempt to target the user’s connection and limit the access to the gaming servers.

Research Whilst Hiding Identity
There are times when some research needs to be done anonymously. As an example: if one organisation wants to look at the available jobs or policies of a competitor, a VPN could be ideal by cloaking the company’s IP address and location data.

Offset Search Engine Tracking
Services such as “do no evil” Google are really starting to resemble “big brother”. Google tries to monitor what the user does whilst accessing the Internet. A VPN may be able to offset Google’s spying and can allow the user to take back control of their privacy.

Most VPN providers will cost money, although there are free VPN providers. These free VPNs usually don’t provide the same level of protection that premium VPNs would. Some VPN providers may retain records of your Internet activities. Also, highly popular VPN providers have been known to give data over to authorities when provided with legal orders.

However, VPNs should not be treated as the panacea of security and should only be used as part of a wider security policy. As an example: some Internet sites may use “super cookies” (cookies that may store authentication or other website settings, such as a provision for the user to be automatically logged in).

Another way for an ISP or other organisation to track users’ activities is to monitor their Domain Name System (DNS) requests (DNS servers deal with the process of converting the Internet site address to the site’s numerical IP address).

Most of the time, the DNS provision can be changed by the individual. Various ISP and other DNS providers can be used instead of the default provided (as an example, Google provides a popular alternative DNS address, but using Google’s DNS provision could not be considered as a good solution within an anonymous scenario).

Generally speaking, the default DNS of a router is usually provided by the ISP and does not change when using a VPN. These DNS requests can be monitored and recorded by the ISP. However, there are methods to have the VPN resolve the DNS requests with an alternate server. This must be configured separately. Alternatively, the VPN can be operated in “tunnel mode”, where all the data is sent only to the VPN server, which in turn handles the DNS requests.

Whilst basic encrypted and free VPNs may not be the best answer, there are a number of free public DNS solutions that do not retain requests. Also, free VPNs are generally slower when compared to premium services.

As stated above, VPNs should not be treated as the “holy grail” of anonymous Internet access. If the user is willing to implement other security procedures (clearing cookies from browser sessions and using an appropriate firewall solution), users can be confident surfing the web anonymously and securely.



This article has been published under the Attribution-NonCommercial-NonDerivs license agreement (CC BY-NC-ND)

All associated (embedded or linked) content is provided with the implied permission of the content owner or provider
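
The DNS point made in the article above (the resolver handed out by the router stays in use once the VPN is up) can be checked from the client's resolver list and routing table. The following is an added example, not part of the original post; the addresses, the interface names `eth0`/`tun0` and the routing table are constructed, and it assumes the router at 192.168.1.1 forwards queries to the ISP's resolver.

```python
import ipaddress

# Constructed sample inputs, not taken from the article.
RESOLV_CONF = """\
# written by the DHCP client
nameserver 192.168.1.1
nameserver 10.8.0.1
"""

# Full tunnel in the style of OpenVPN's "redirect-gateway def1": two /1 routes
# cover all of IPv4 via the tunnel, but the on-link LAN route is more specific.
FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "eth0"),
    ("10.8.0.0/24", "tun0"),
]

def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def egress_interface(address, routes):
    """Longest-prefix match: the interface used to reach address."""
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if address.version == net.version and address in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None

def dns_leaks(resolv_conf_text, routes, tunnel_iface="tun0"):
    """List (resolver, interface) pairs whose queries bypass the tunnel."""
    found = []
    for ns in nameservers(resolv_conf_text):
        iface = egress_interface(ns, routes)
        if iface != tunnel_iface:
            found.append((str(ns), iface))
    return found

if __name__ == "__main__":
    print(dns_leaks(RESOLV_CONF, FULL_TUNNEL))
```

The /1 routes send everything else through the tunnel, yet the query to the router still leaves on the LAN interface, which is why the resolver has to be changed separately from bringing the VPN up.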


(Dan) #2

I don’t think I’d agree with your arguments for messaging or VOIP. Your VPN connection will encrypt that traffic from your computer/device to the VPN endpoint, but from there on out the VPN does nothing for you. And if the message protocol is unencrypted, then it’s still in the clear on the Internet. Ditto for VOIP, since that’s all in cleartext. Really, the answer in both cases is to use an app like Signal.

With respect to DNS, the best answer (IMO) is to use a router that operates as its own DNS resolver, directly querying the authoritative servers. pfSense does this, as does SME Server (which Neth forked from), but it doesn’t seem that Neth does.


(Mark Edworthy) #3

@danb35,
Up to a point, I sort of agree with you. Whilst a VPN connection will not totally protect the user from having their communication compromised, depending on the type of communication framework (i.e. peer-to-peer client software such as Tox or Bit Chat), a VPN could help to obviate or reduce the ability of an intruder finding the recipient’s communications.

As I did state within the closing of the article, the usage of a VPN should not be considered as a complete solution and should only be treated as part of a wider approach when considering privacy.


(Mark Edworthy) #4

It is also worth noting that by implementing frameworks such as IPSec or OpenVPN, it is possible to secure private infrastructures (including privately controlled / administrated IM and VoIP frameworks).