What is a VPN?
VPN stands for Virtual Private Network. The technology was originally developed to allow remote workers to connect securely to their corporate computer systems when away from the office. VPNs are still widely used for this purpose, however the term itself now usually refers to commercial services available to home users for their own privacy. We won’t be covering the corporate side of VPNs here today as they aren’t really the same, despite being based on the same technology.
What can a VPN do for me?
Amongst other things, a commercial VPN allows you to:
- hide what you are doing on the internet from most people. Although this might sound nefarious or creepy, there are many legitimate reasons to hide yourself on the internet, more on this later;
- avoid regional censorship. Not so much a problem in Australia yet, but there are plenty of instances where this can be of benefit;
- appear to be in another place in the world, sometimes giving you the ability to access different catalogues on Netflix, for instance; and
- download and torrent safely.
To use a VPN, you first have to sign up to one as a VPN is not the same as your Internet Service Provider.
How does it work?
Normally when you connect to your Internet Service Provider (Telstra, Optus, TPG, etc), all your internet requests and services pass through their networks and servers. They are able to control the speed of your internet and are also able to see everything that you are doing. With Australia’s data retention laws, certain data about everything you do (meta data) is also recorded. When you use a VPN, you are establishing a direct connection to a server provided by your VPN service via an encrypted connection (known as a “tunnel”).
This way of connecting has a number of benefits:
- Your ISP cannot see what you are doing.
- The data passing through your ISP is encrypted.
- Your ISP can only see that you are connected to a VPN server somewhere, nothing more.
- The world sees your IP Address as that of the VPN server to which you are connected.
- If the VPN server you are connected to is in Switzerland, for instance, for all intents and purposes the internet believes you to be in Switzerland.
- Anyone trying to track your internet activity will only get as far as the VPN server. Your real IP address is hidden.
- It is far safer to use public WiFi.
- Even if a hacker were to intercept your communications or trick you into connecting to a rogue hotspot, the data they would be intercepting is encrypted and useless to them.
There are a couple consequences to be aware of:
- Your VPN provider can see what you’re doing.
- You have shifted your trust from your ISP to your VPN provider, although they’ll usually have your privacy as a priority.
- Many VPN providers employ methods to know as little as they can about you.
- Your internet will be slower.
- It takes processing power at both ends to encrypt and decrypt your data, although these days that’s a fairly insignificant hurdle.
- There’s an extra leg added to your internet. In the same way that a website hosted overseas will be slower than an identical one in Australia (assuming you live in Australia), if there’s further for your data to travel, it will be slower.
- Some VPNs have a small ‘pipe’ at their server end, meaning many users accessing the internet through one point.
The best way to mitigate the speed hit is to connect to a VPN server close to both your destination (say one in the US if you are chasing the US Netflix catalogue), or nearest to you. This is a very easy process and only takes a few seconds to change servers.
Are VPNs legal?
Most countries allow their citizens a right to privacy, and using a VPN on the internet facilitates exactly that. The story is somewhat different if you live in China or Iran, but for the purposes of this article, I’m going to assume that’s not the case.
It’s well to keep in mind, however, that many countries have data retention laws that require a VPN provider to keep logs. These logs can tie your real IP address to our VPN address at a specific time, therefore revealing your identity. Some providers don’t keep logs at all.
How do I get started?
When evaluating VPN providers, you should consider a number of factors:
- Price: of course, this is one of the biggest considerations. The price does add onto your cost to connect to the internet.
- Speed: not all VPN providers are equal when it comes to speed.
- Privacy: all providers claim they regard your privacy as their priority, but there’s a few things to look out for (more below).
- Security: we’ll cover the details below, but suffice to say some providers give you better options here.
- Server connections and locations: the more servers in various locations around the world, the better.
- Number of endpoints: you want a provider who will allow a few devices to connect simultaneously, so you can VPN your PC, your phone, your tablet and more.
- Customer support: perhaps lower on the list, but if something isn’t working you want to know you’re in good hands to get it resolved.
Nearly all providers support the major platforms; Windows, Mac, Android and iPhone. Some provide more support that others. Most have a free trial or money back guarantee so you can try them out risk free to ensure they’ll cover your needs.
Once you’ve settled on a VPN provider (we have our own recommendation below), simply visit their website and follow the links to sign up. They all have comprehensive instructions to get you started and you can’t break anything on your computer if something doesn’t quite go right.
A note on Free VPNs.
Free VPN providers do exist, but like anything free they come with various caveats. Some are supported by ads (and who isn’t sick of ads these days), some just have very limited functionality or low speeds. Since it takes some serious funds to run a VPN, you don’t know if they’re just going to sell your data to the highest bidder either.
No free VPN will give you the level of privacy or speed of a paid service.
Will a VPN make me completely anonymous?
Not entirely. The VPN provider will always know who you are if they are live viewing what you are doing and if you are still connecting to services like Google or Facebook, those services will obviously still be able to aggregate your data. However the providers will always go to lengths to protect your privacy, rather than anonymity.
Of course, if a provider keeps logs, your anonymity goes out the window immediately. Logs allow any agency to look through history and find where and what you were doing at any particular time. If a provider keeps logs, you can bet they will hand them over on request rather than face court and put their own business on the line.
But then how do you know if a provider actually does or doesn’t keep logs? You really have to place your trust in that provider, who is using their reputation to make their sales. If they violate the trust of their customers, they are really hurting their business going forward.
Mandatory Data Retention
In Australia, the Telecommunications (Interception and Access) Act 1979 now requires telecommunication companies to retain a particular set of telecommunications data for at least two years. In the words of the Attorney-General’s Department:
"These obligations ensure Australia’s law enforcement and security agencies are lawfully able to access data, subject to strict controls. Access to data is central to almost all serious criminal and national security investigations."
Many other countries have similar laws meaning an ISP or VPN provider in those countries will keep logs no matter what they tell you. Many European countries such as the Netherlands, Romania or Sweden for instance do not have these laws and so they are a popular place to situate a VPN provider. The United States also don’t have data retention laws, interestingly.
Paying for a VPN anonymously
Many of the more privacy minded VPN providers will allow some kind of anonymous payment method (some will even take posted cash). The most common of these being cryptocurrency (although some cryptocurrencies are not entirely anonymous either). This adds an extra layer of privacy because the VPN provider retains even less details about you, knowing only your real IP address at the time your are connected. If a VPN provider doesn’t accept some type of anonymous payment, you have to question if they really take your privacy and anonymity seriously.
How secure will I be?
Your level of security and privacy will depend on a number of factors
As we’ve mentioned, a VPN protects your data using encryption. We’ll avoid burying you too deep in the technical details of each one, suffice to say that you should use OpenVPN wherever possible and avoid PPTP. PPTP or Point-to-Point Tunneling Protocol is an obsolete way of creating a VPN tunnel with many now known vulnerabilities. This option shouldn’t be offered anymore but some still include it, perhaps for legacy systems.
IP Leaks & Kill Switches
If everything is working right, your real IP Address is hidden from the internet and the VPN server you are connected to appears instead. However if a website can detect your real IP Address you will have what’s known as an IP Leak. A good site to test if you have a leak is the appropriately named IPLeak.net. If you can see your real IP Address here then there are a number of ways to correct them. VPN University covers them far more detail than we can here.
Now what happens if the VPN connection drops out? Well if you don’t notice the tray icon change colour and have notification suppressed, then it’s completely transparent to you and you’ll be carrying on your business on the open internet. Solution? A VPN Kill Switch. This option will immediately stop all communications from your computer the moment the VPN connection drops, protecting you from exposing your IP to the world. Once the connection is re-established, communications resume as per normal. Most clients have this option built in, so it’s a good option to use if you’re committed to privacy. There are other ways to effect a kill switch using firewall rules, however that’s well beyond the scope of this article.
What about torrents?
You are completely safe to torrent while connected to a VPN. It’s highly recommended to only ever torrent when using a VPN. The reasoning is simple; due to the peer to peer nature of torrents, anyone sharing (or tracking) the same file as you has the ability to see your IP Address. If you’re using a VPN, they see that address instead.
VPN companies get bombarded by legal notices from copyright holders. Some will cooperate and hand over your details, if they have logs of course. Some just won’t allow torrenting at all. So be sure to choose a VPN provider that does neither of these!
When torrenting and leaving your computer for extended periods of time unattended, a kill switch is vital.
Will a VPN work on mobile?
In a way.
Most VPN providers provide clients that run natively on Android and Apple devices but you need to be aware that generally this will only protect some of your activity while using the device. Smartphones have a multitude of ways of tracking a user, including GPS data, contact lists, Google and Apple accounts and most importantly via in-app advertising. If you only use your browser while the VPN is active and have all the location and account tracking turned off, then your smartphone is somewhat more secure. But there’s a limit to how far you can secure most phones.
What a VPN won’t do
There’s a few things a VPN most certainly won’t do:
- Provide complete anonymity: if ASIO, the FBI, the NSA or some other organisation wants to specifically track you, a VPN will not help.
So which VPN do we recommend?
We’ve used many VPNs over the years and each one has it’s advantages and disadvantages. But when it’s all boiled down, we settle on Private Internet Access every time. Their pricing is very competitive, if not the cheapest around. But for that you get IP and DNS leak protection, a built in kill switch, true secure encryption and over 3000 servers across 28 countries. We’ve found their speed to usually be excellent, provided we connect to the right server (for instance, trying to visit a US site when connected to a Spanish server isn’t the fastest way to do it). We’ve used gift cards to pay in the past, but they also accept traditional payment methods and of course Bitcoin.
Best of all they don’t keep logs and are based in the United States where data retention is not mandatory.
A VPN is absolutely essential these days especially given the low cost/benefit ratio. For a few dollars a month your internet usage is secure, you have less chance of being hacked or your data stolen, and you are effectively hidden from government agency spying (unless you’re already a known criminal…). Hopefully we’ve given you enough information to shed a little light on the mystery that is a VPN, but if you have any more specific questions, be sure to send us your queries on any of our social networks or send us an email.