Guide to VPNs: What They Do, and What to Consider When Choosing One

What is a VPN?

A VPN (Virtual Private Network) is a technology that creates an encrypted tunnel between your device (computer, mobile phone, or tablet) and a server operated by the VPN provider, over the internet. Traffic inside the tunnel is hidden from whoever sits between you and that server, such as the operator of a public Wi-Fi network, your Internet Service Provider (ISP), or a government that can observe the ISP. Note where the tunnel ends: the VPN server decrypts your traffic and forwards it to its destination, so the provider can see what your ISP no longer can, and the destination still sees the request (now coming from the VPN server's IP address).

What is a VPN Used For?

The main reasons to use a VPN include:

  • Online Privacy: Websites and services see the VPN server's IP address instead of yours, which makes it harder to tie your activity to your real network location.
  • Security: It encrypts your internet traffic between your device and the VPN server, protecting it from interception on the local network, especially on public Wi-Fi.
  • Accessing Geo-blocked Content: It allows you to reach services and content restricted in your country by connecting through servers in other locations.
  • Bypassing Censorship: In some countries, a VPN is essential for getting around website blocks or restrictions on online services.
  • Pseudonymity: Hiding your IP address helps in situations where privacy matters, but it is not true anonymity: the provider still knows who you are (account, payment, connection times) and what you connect to, so you are trusting the provider instead of your ISP.

What Are the Risks of Using a VPN?

Despite its benefits, using a VPN also comes with certain risks:

  • Untrustworthy Providers: Not all VPN services are trustworthy. Some log your activity and sell it to third parties; since the provider sees everything your ISP used to see, a VPN moves your trust rather than removing it.
  • Reduced Speed: Encryption, the extra packet headers of the tunnel, and the detour through the VPN server add latency and can lower throughput.
  • Security Vulnerabilities: A poorly configured VPN (for example one that lets DNS queries or IPv6 traffic escape the tunnel, or that keeps sending traffic when the tunnel drops) may not offer the protection you expect.
  • Legislation and Surveillance: Depending on the VPN provider's jurisdiction, your data may be subject to local laws that require the provider to hand over information, or to retain it, under certain circumstances.

Where Does a VPN Not Reach?

While a VPN provides significant protection, it is not a bulletproof solution:

  • Protection Against Malware and Viruses: A VPN doesn't protect you from malicious software such as viruses or spyware. It's important to also use reliable antivirus software.
  • Personal Information: If you voluntarily share your personal information online (e.g., signing up on a website), the VPN won't protect against this kind of data leak.
  • Compromised Devices: If your device is already infected with malware, a VPN cannot protect you; the malware sees your data before it ever enters the tunnel.

What is a VPN Good For?

VPNs help mitigate several types of cyber attacks:

• IP Address Targeting Attacks: By hiding your real IP address and replacing it with the VPN server's, a VPN makes it harder for an attacker to locate your device on the internet and target it directly (for example with a denial-of-service attack or a scan for exposed services).

• Man-in-the-middle (MitM) attacks: These attacks, which intercept communication on unsecured networks, are mitigated by two separate layers. HTTPS provides end-to-end encryption and authentication between your browser and the website. The VPN tunnel encrypts everything between your device and the VPN server and hides your IP address, which defeats an attacker on the local network even for traffic that is not HTTPS. The tunnel is not end-to-end, however: after leaving the VPN server, traffic to a destination that does not offer HTTPS travels in the clear and is at risk again.

• Packet sniffing: A third party capturing packets on the network between you and the VPN server sees only encrypted tunnel traffic addressed to that server, not the websites or services you are talking to. Combined with HTTPS, the content stays encrypted end-to-end as well. Because every connection leaves the VPN server with its IP address rather than yours, observers on the far side also find it harder to link activity back to you.

• Wi-Fi eavesdropping: Similar to packet sniffing and MitM attacks, Wi-Fi eavesdropping occurs on open or weakly secured wireless networks. The VPN encrypts your data before it reaches the wireless network and masks your IP address, so an eavesdropper on the same access point learns only that you are talking to a VPN server.

However, there are cyber threats that a VPN is not effective against:

• Malware and viruses: VPNs cannot prevent malicious programs from infecting a device if they are downloaded or interacted with.

• Phishing attacks: A VPN does not protect against phishing attempts, where hackers trick users into revealing personal information through fake emails or websites.

• Malware on the device (sometimes described as a man-in-the-middle on the endpoint): If an attacker has already compromised a device with spyware or a keylogger, the data is captured before it enters the tunnel, so a VPN cannot prevent the theft.

• Brute force attacks and passwords: Weak or exposed passwords allow hackers to access accounts even when using a VPN.

• Local network attacks: A VPN does not prevent attacks carried out by someone with physical access to the device or the local network.

• Zero-day attacks: These exploit newly discovered vulnerabilities before security updates are released. A VPN does not prevent the exploitation of these vulnerabilities.

• Session hijacking: If an attacker obtains your session cookie or token (through malware, a browser vulnerability, or a flaw in the website) after you have logged in, they can use it from anywhere; the VPN tunnel neither sees nor protects that token once it is on the attacker's side.

• Social engineering attacks: A VPN does not protect against manipulating people into divulging sensitive information.

In addition to the limitations of traditional VPNs, data centralization poses a significant risk. Traditional VPNs run on centralized infrastructure, whether owned or rented servers, which makes them an attractive target for attackers. These servers can hold connection metadata for millions of users and represent a single point of failure. Even a provider that keeps no metadata logs still holds payment records and account details linked to its users.

Decentralized VPNs (dVPNs) and mixnet VPNs are alternatives that seek to mitigate these issues. A dVPN routes traffic through a network of independently run nodes with no central control point, while a mixnet VPN wraps data in several layers of encryption and passes it through a chain of independently operated servers, so that no single server sees both who sent the data and where it is going.

Mixnet VPN Features:

• Resistance to traffic analysis: Compared with a single centralized server, a mixnet makes traffic analysis harder in several ways: packets from many users are batched and reordered (mixed) at each node, small delays hide timing correlations, and nodes send cover (dummy) traffic so that real packets are harder to distinguish from noise. An observer watching one link therefore learns little about the path a given packet takes.

• Layered encryption: Unlike a traditional VPN, which uses one tunnel to one server, a mixnet VPN wraps the data in multiple layers of encryption, one per node on the path. Each node removes only its own layer, which reveals nothing more than the next hop; the innermost layer, and the actual destination, are visible only to the last node. An attacker cannot reconstruct the whole path unless they control a large share of the nodes, or both the entry and the exit node, and can correlate traffic between them.
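The layer-per-node construction described above, as an added example that is not code from the original page or from any mixnet project. To run with the standard library alone it uses a toy cipher (SHA-256 in counter mode XORed with the data, authenticated with HMAC); real mixnets use proper authenticated encryption and fixed-size packets. The node names, keys and message are constructed for the illustration.

```python
"""Toy demonstration of mixnet-style layered ("onion") encryption.

Added example, not code from the original page. The cipher below is a toy
(SHA-256 counter-mode keystream + HMAC) chosen so the script needs no
third-party library; do not reuse it for anything real.
"""
import hashlib
import hmac
import os

HOP_LEN = 8            # fixed-width "next hop" field inside each layer
DELIVER = b"DELIVER"   # marker telling the last node to deliver the payload

# Constructed per-hop keys. In a real mixnet each node publishes a public key
# and the client derives a separate shared secret with every node on the path.
DEMO_KEYS = {
    "alpha": hashlib.sha256(b"demo-key-alpha").digest(),
    "bravo": hashlib.sha256(b"demo-key-bravo").digest(),
    "charlie": hashlib.sha256(b"demo-key-charlie").digest(),
}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks. NOT for production."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one encryption layer: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def open_layer(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; fails if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("layer authentication failed: wrong key or tampering")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def can_open(key: bytes, blob: bytes) -> bool:
    """True if this key peels the outermost layer of blob."""
    try:
        open_layer(key, blob)
        return True
    except ValueError:
        return False


def build_onion(path: list, keys: dict, payload: bytes) -> bytes:
    """Wrap the payload once per node, innermost layer first.

    The layer for node i holds the name of node i+1 followed by the blob that
    node i+1 should receive; the last node's layer holds DELIVER + payload.
    """
    blob, next_hop = payload, DELIVER
    for name in reversed(path):
        blob = seal(keys[name], next_hop.ljust(HOP_LEN, b"\0") + blob)
        next_hop = name.encode()
    return blob


def node_process(key: bytes, blob: bytes):
    """What one node does: peel its own layer and learn only the next hop."""
    content = open_layer(key, blob)
    next_hop = content[:HOP_LEN].rstrip(b"\0").decode()
    return next_hop, content[HOP_LEN:]


def route(onion: bytes, keys: dict, first_hop: str):
    """Simulate forwarding through the network; returns (hops seen, payload)."""
    hop, blob, seen = first_hop, onion, []
    while True:
        next_hop, blob = node_process(keys[hop], blob)
        seen.append((hop, next_hop))
        if next_hop == DELIVER.decode():
            return seen, blob
        hop = next_hop


if __name__ == "__main__":
    onion = build_onion(["alpha", "bravo", "charlie"], DEMO_KEYS, b"hello, exit node")
    print(route(onion, DEMO_KEYS, "alpha"))
```

Running it shows the property the text describes: alpha learns only that bravo is next, bravo only that charlie is next, and only charlie can read the payload. The `can_open` check makes the other half explicit: bravo's key does not open the blob as alpha receives it, so a middle node cannot skip ahead, and flipping a single byte is rejected by the tag.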

In conclusion, VPNs are useful tools for enhancing internet security, especially when information is in transit, but they are not a complete solution to all threats.

It is important to complement them with other security measures, such as using strong passwords, keeping software up to date, being cautious with links and files, and using an antivirus. While traditional VPNs have their limitations, dVPNs and mixnet VPNs can offer stronger resistance to logging and traffic analysis, at the cost of higher latency and a newer, less battle-tested ecosystem.

Key Concepts to Consider When Choosing a VPN

Now that you understand the basics, let’s dive into the technical aspects and key features to consider when evaluating a VPN service:

1. Jurisdiction

The jurisdiction is crucial because it determines the laws that apply to the VPN provider. Some countries have stricter privacy laws than others, and some impose data-retention obligations. It is advisable to choose a provider located in a country with privacy-friendly laws, preferably outside the 14 Eyes (a group of countries that share intelligence data). Jurisdiction matters most in combination with the logging policy: a provider that genuinely keeps nothing has nothing to hand over regardless of where it is based.

2. Transparency Report

The transparency report is a document published by the provider that lists the government and legal requests for user data it has received, and how many of them it was able to satisfy. A provider that publishes these reports regularly, and can show that it had no data to hand over, demonstrates its commitment to privacy.

3. Warrant Canary

A warrant canary is a regularly published, usually signed, statement that the provider has not received any secret request for user data (such as one accompanied by a gag order). The provider cannot announce such a request, but it can stop updating the canary: if the statement is not renewed on schedule, or quietly disappears, users should assume a request has been received. Check that the canary carries a recent date and something that proves freshness, since a stale canary is the signal.

4. Logging Policy

The logging policy is critical for privacy. No-logs providers promise not to store data about your activities, such as the sites you visit, your real IP address, or connection timestamps. This means that, even if requested by authorities or stolen in a breach, there is no data to hand over. Because the promise cannot be verified from the outside, prefer providers whose no-logs claim has been checked by an independent audit (see item 14).

5. Diskless Servers

Diskless servers have no persistent storage; the operating system and all runtime state live in volatile memory (RAM). If a server is seized or rebooted, nothing survives, so there is no disk to examine afterwards. Note that this does not help against an attacker who compromises a running server, who can read memory while it is powered on.

6. Open Source

Open-source means the VPN's client software (and ideally its server software) is available for review by anyone. This lets independent researchers find vulnerabilities and verify that the client does not do anything hidden, such as logging. It is not proof that the servers behave as advertised, since you cannot see what code the provider actually runs; that is what audits are for.

7. No Analytics

A good VPN service should not collect usage analytics. This includes data about connection times or data usage, which could compromise your privacy if stored or sold.

8. Maximum Data Encryption

Encryption protects your data from prying eyes. Look for a modern authenticated cipher: AES-256-GCM (used by OpenVPN and IPsec) or ChaCha20-Poly1305 (the only cipher WireGuard uses) are both considered secure; neither is "more secure" than the other in practice. Avoid providers that still offer legacy options such as PPTP or unauthenticated cipher modes.

9. Handshake Strength (Key Exchange and Authentication)

The handshake is the process by which the client and server authenticate each other and agree on the session keys that will encrypt your traffic. Ensure the VPN uses strong, well-known primitives here: RSA with at least 2048-bit keys or elliptic-curve cryptography (such as Curve25519, which WireGuard uses) for authentication, and an ephemeral Diffie-Hellman exchange so that session keys are not recoverable even if the server's long-term key is later compromised (forward secrecy).

10. OpenVPN vs WireGuard

  • OpenVPN is widely considered one of the most secure and flexible protocols. It is slower mainly because it runs in user space and carries TLS framing overhead, not because its encryption is "heavier"; its large codebase and many configuration options also make mistakes easier.
  • WireGuard is a newer protocol with a small codebase, a fixed set of modern primitives (ChaCha20-Poly1305, Curve25519) and an in-kernel implementation, which gives it faster speeds and lower battery use while maintaining high security standards. One caveat: a plain WireGuard server keeps each peer's public key and last-seen IP address in memory until the peer is removed, so check how the provider handles this (for example by rotating keys or assigning addresses dynamically).

11. Kill Switch

The kill switch blocks all internet traffic that does not go through the tunnel, so that if the VPN connection drops, your traffic is not silently sent unencrypted over the normal connection with your real IP address. Under the hood it is usually a set of firewall rules that permit only the tunnel interface, loopback, and the handshake to the VPN server itself.

12. IPv6 Protection

Ensure your VPN protects against IPv6 leaks. Some VPNs route only IPv4 traffic through the tunnel, so on a network with IPv6 connectivity your device may reach IPv6-capable sites directly, exposing your real IPv6 address. The client should either route ::/0 into the tunnel or block IPv6 entirely while connected. Check for DNS leaks at the same time, since a resolver outside the tunnel reveals every site you visit to your ISP.

13. Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your VPN account by requiring a second factor (a one-time code from an authenticator app or a hardware security key) in addition to your password, so that a leaked password alone does not give an attacker your account, your payment details, or your connection history.

14. Audits

External audits by independent third parties check that the provider actually follows its privacy policy and that its infrastructure does not log or share your data. Read the scope and date of the audit: it covers what was inspected at that point in time, so recent and repeated audits are worth more than a single old one.

15. First-Party DNS and Custom DNS

First-party DNS means the provider runs its own resolvers and your DNS queries travel inside the tunnel to them, rather than to your ISP's or to a public resolver that would see every domain you look up. It usually improves speed as well, since the resolver sits next to the VPN server. The option to set a custom DNS server is also useful for more control over your connection, for example to use a filtering resolver, as long as it is reachable through the tunnel.
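A concrete check for items 10, 11, 12 and 15 (WireGuard, kill switch, IPv6 and DNS leaks), as an added example that is not code from the original page or from the WireGuard project. It lints a WireGuard client config for the leaks described above and derives an nftables kill-switch ruleset pinned to the configured endpoint. Assumptions: the tunnel interface is `wg0`, the physical uplink is `eth0`, the endpoint `203.0.113.10` is a documentation address, and both configs are constructed for the illustration; the nftables text is generated, not applied (applying it needs root and `nft -f`).

```python
"""Lint a WireGuard client config for leaks and derive a kill-switch ruleset.

Added example, not code from the original page or from WireGuard. Interface
names (wg0, eth0), the documentation endpoint 203.0.113.10 and the two sample
configs are assumptions made for the illustration.
"""
import ipaddress

# Constructed: full IPv4 tunnel, but no IPv6 route and no tunnel DNS server.
LEAKY_CONFIG = """\
[Interface]
PrivateKey = <client private key>
Address = 10.8.0.2/32

[Peer]
PublicKey = <server public key>
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820
"""

# Constructed: same config with IPv6 routed into the tunnel and a resolver
# that is only reachable through the tunnel.
FIXED_CONFIG = """\
[Interface]
PrivateKey = <client private key>
Address = 10.8.0.2/32, fd00:8::2/128
DNS = 10.8.0.1

[Peer]
PublicKey = <server public key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
"""


def parse_wg_config(text: str) -> list:
    """Parse [Interface]/[Peer] sections; repeated keys (AllowedIPs, DNS) are joined."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"_section": line[1:-1]}
            sections.append(current)
        elif current is not None:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            current[key] = (current[key] + ", " + value) if key in current else value
    return sections


def lint_wg_config(text: str) -> list:
    """Return human-readable findings; an empty list means no leak was found."""
    sections = parse_wg_config(text)
    iface = next((s for s in sections if s["_section"] == "Interface"), {})
    peers = [s for s in sections if s["_section"] == "Peer"]
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for p in peers for n in p.get("AllowedIPs", "").split(",") if n.strip()]
    findings = []
    if not any(n.version == 4 and n.prefixlen == 0 for n in allowed):
        findings.append("AllowedIPs lacks 0.0.0.0/0: IPv4 traffic bypasses the tunnel")
    if not any(n.version == 6 and n.prefixlen == 0 for n in allowed):
        findings.append("AllowedIPs lacks ::/0: IPv6 traffic leaks around the tunnel")
    dns = [d.strip() for d in iface.get("DNS", "").split(",") if d.strip()]
    if not dns:
        findings.append("no DNS= in [Interface]: queries go to the ISP/local resolver")
    for d in dns:  # cross-version membership tests are simply False
        if not any(ipaddress.ip_address(d) in n for n in allowed):
            findings.append(f"DNS server {d} is not routed through the tunnel")
    if not peers or any("Endpoint" not in p for p in peers):
        findings.append("peer without Endpoint: cannot pin the kill switch to the server")
    return findings


def killswitch_nft(tunnel_if: str, uplink_if: str, endpoint: str) -> str:
    """nftables kill switch: drop everything except loopback, the tunnel, the
    handshake to the VPN endpoint on the uplink, and DHCP so the uplink stays up."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    try:
        family = "ip6" if ipaddress.ip_address(host).version == 6 else "ip"
    except ValueError:
        raise ValueError("Endpoint must be an IP literal: DNS is blocked once the rules apply") from None
    return "\n".join([
        "table inet vpn_killswitch {",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        '    oifname "lo" accept',
        f'    oifname "{tunnel_if}" accept',
        f'    oifname "{uplink_if}" {family} daddr {host} udp dport {port} accept',
        f'    oifname "{uplink_if}" udp dport 67 accept',
        "  }",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        '    iifname "lo" accept',
        f'    iifname "{tunnel_if}" accept',
        "    ct state established,related accept",
        "  }",
        "}",
    ])


if __name__ == "__main__":
    for name, cfg in (("leaky", LEAKY_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, lint_wg_config(cfg) or ["OK"])
    print(killswitch_nft("wg0", "eth0", "203.0.113.10:51820"))
```

The leaky config is reported for the missing `::/0` route and the missing tunnel resolver; the fixed one passes. The generated ruleset refuses a hostname endpoint on purpose: once `policy drop` is in place, name resolution would itself be blocked, so the endpoint has to be an IP literal (WireGuard resolves it once at interface creation anyway).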

16. Anonymous Payment and Registration

Some providers allow anonymous registration (no email address required) and accept payments that are hard to link to you, such as cash sent by post, prepaid vouchers, or cryptocurrency. Note that Bitcoin and Ethereum payments are pseudonymous, not anonymous: the transaction is public and can be traced back if the wallet is linked to your identity.

17. First-Party Servers

A provider with first-party servers owns and physically controls its hardware, rather than renting virtual machines from a hosting company. That reduces the risk of a third party (the host, or someone who compromises the host) accessing the machines or their traffic, and makes claims such as diskless operation (item 5) easier to believe.

18. P2P Friendly

If you plan on sharing files or using P2P networks, ensure the VPN allows this type of traffic without restrictions.

19. Multihop

The multihop option routes your traffic through two or more VPN servers in different locations, so that the entry server sees your real IP address but not your destination, and the exit server sees your destination but not your real IP address. It adds latency, but no single server (or single jurisdiction) holds both ends of the connection.

20. Port Forwarding

Port forwarding lets incoming connections on a port of the VPN server's public IP address reach your device through the tunnel, which is needed for hosting a service or for P2P clients that accept incoming connections. Treat it with care: every forwarded port exposes a service on your device to the whole internet, so only enable it for services that are meant to be public and properly secured.

21. Connect on Boot

Some VPNs have the option to automatically connect when your device starts up, ensuring you’re always protected.

22. Supports Privacy Causes

Some VPN providers actively support privacy causes and make donations to organizations that promote digital freedom.

23. Number of Servers and Countries

The number of servers and countries available affects the VPN's flexibility and connection quality: nearby servers with spare capacity mean lower latency and better speeds, and more countries mean more options for geo-restricted content. Raw counts are not everything, though; ask whether locations are physical servers or "virtual" locations hosted elsewhere, and how loaded the servers near you actually are.

24. Simultaneous Devices

Choose a VPN that allows you to connect multiple devices simultaneously without compromising speed or security.

Choosing the right VPN is key to protecting your online privacy. By considering all of these factors, you can make an informed decision that balances security, speed, and usability.

Here is a comparative list of VPNs; draw your own conclusions.