Using VPNs to protect your privacy

We’ve all seen the depths to which governments across the world will go to get their grubby little hands on your private data. Often illegally!

The Prism surveillance program, XKeyscore & the recently mooted Australia metadata retention program are all cases in point. Yep, that’s Australia’s elected Attorney General there!

If you think that the spooks and federal, state & local police aren’t trawling through your information without a warrant (Canada, Romania, France, US) then quite frankly you are a moron and you shouldn’t be allowed to use the Internet.

So what can you do to protect yourself?

Most decent routers allow you to establish Virtual Private Networks (VPNs) that encrypt your data and then send that data to somewhere else on the planet.

Without a VPN your data leaves your PC, goes through your router to your ISP and pops out in your own country and this is where your local spooks and cops are slurping up your data for analysis.

With a VPN the data that they slurp up is gibberish. It’s encrypted which makes it difficult (but not impossible mind you) for them to read.

How to set up a VPN?

This all depends on the capabilities of your router. There are 4 or so major VPN “standards” and you’ll need a router that supports one or more of them.

OpenVPN

OpenVPN is an open source project that implements a quite robust VPN protocol and it is supported by pretty much every VPN provider on the planet. It is quite easy to set up and keep running. The downside is that you normally need to install special firmware (DD-WRT or Tomato) on your router to get this capability, and not all routers support this firmware.

IPSEC

IPSEC is an Internet standard for the encryption and authentication of the data packets on the Internet. There are slightly different variants depending on whether you’re doing site-to-site VPNs or setting up a teleworker to dial into your network.

A very secure protocol, but it can be a hassle to set up correctly due to the number of knobs that can be tweaked. Things like NAT can cause you much grief.

L2TP/IPSEC

L2TP by itself does not give you encryption, so on its own it is pretty much useless for protecting your communications. But when L2TP is coupled with IPSEC you end up with a relatively good level of security for your Internet communications.

L2TP/IPSEC is a good trade-off between simplicity and capability.

PPTP

PPTP is NOT considered secure anymore. Do not use unless you absolutely have to and nothing too confidential is flowing through the VPN. Probably OK for torrenting.

Are all VPN providers created equal?

In a word NO!

The technical capabilities of the VPN provider, the support experience and network speed all come into play when selecting a provider. You might also be concerned with how you can pay for your VPN – some providers allow you to pay with anonymous gift cards if you’re that paranoid.

I recently upgraded to a Draytek Vigor 2860 router. I’ve been quite impressed with it in the short time I’ve been using it. The 2860 supports dial-out VPNs, load balancing & failover VPNs, and policy based routing that allows you to select what data goes out via the VPN and what data goes out direct to your ISP. You can have up to 32 VPNs configured.

During my travels I’ve seen that VPNs don’t all live up to their marketing hype. While all the providers below say on their webpage that they support “L2TP/IPSEC” your results can vary widely. For example, 2 of the providers below will quite happily establish an L2TP/IPSEC connection without the encryption turned on! Completely useless as a VPN to protect your identity and information.

| VPN Provider | Supports L2TP/IPSEC | Support Quality | Comments |
|---|---|---|---|
| Witopia | Yes, with AES encryption and SHA1 Authentication | I've only needed to use support once and it was fast and efficient | Downside is that technically you're not allowed to set up Witopia VPNs on routers. |
| NordVPN | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Great so far - highly recommended |
| Private Internet Access | Yes, but NO ENCRYPTION | Poor and slow. Their L1 support staff are useless. They skim through the e-mail and then cut and paste an answer that doesn't help | Avoid at all costs |
| Proxy.sh | Yes, but NO ENCRYPTION | Poor and slow - a question that I placed 7 days ago still hasn't been answered or acknowledged. | Avoid at all costs |
| Kepard | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Great so far - highly recommended |
| vpn.ac | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Seems good so far |
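
One way to check for the "connected but not encrypted" case described above is to capture traffic on the router's WAN side and see what actually goes to the provider. This is an added example, not part of the original post: the function names and the sample packets are constructed, and it assumes raw IPv4 packets as input. It flags L2TP travelling bare on UDP 1701; it cannot tell whether an ESP session negotiated a null cipher, which has to be read from the router's VPN status page.

```python
import struct

# IP protocol numbers and UDP ports that matter for L2TP/IPsec on the WAN side.
PROTO_UDP, PROTO_ESP = 17, 50
PORT_IKE, PORT_L2TP, PORT_NATT = 500, 1701, 4500

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet captured on the router's WAN interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if packet[9] == PROTO_ESP:
        return "esp"                          # native IPsec ESP
    if packet[9] != PROTO_UDP or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + 8:]
    if PORT_L2TP in (sport, dport):
        return "cleartext-l2tp"               # L2TP visible on the wire: not wrapped in IPsec
    if PORT_NATT in (sport, dport):
        # RFC 3948: one 0xFF byte is a keepalive, four zero bytes mark IKE, else ESP-in-UDP.
        if payload == b"\xff":
            return "natt-keepalive"
        return "ike" if payload[:4] == b"\x00" * 4 else "esp-in-udp"
    return "ike" if PORT_IKE in (sport, dport) else "other"

def verdict(packets) -> str:
    """Summarise a capture: any bare L2TP packet means the tunnel is unprotected."""
    kinds = {classify(p) for p in packets}
    if "cleartext-l2tp" in kinds:
        return "UNPROTECTED"
    if kinds & {"esp", "esp-in-udp"}:
        return "IPSEC-WRAPPED"
    return "NO-TUNNEL-TRAFFIC"

def ipv4(proto, payload):
    # Minimal constructed IPv4 packet (checksum zero, RFC 5737 sample addresses).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

def udp(sport, dport, data):
    return ipv4(PROTO_UDP, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)

# Constructed samples, not real captures.
BARE = [udp(1701, 1701, b"\xc8\x02" + b"\x00" * 10)]
WRAPPED = [udp(500, 500, b"\x11" * 28), udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28),
           udp(4500, 4500, b"\x12\x34\x56\x78" + b"\xaa" * 40),
           ipv4(PROTO_ESP, b"\x12\x34\x56\x78" + b"\xaa" * 40)]
```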

My advice

Try your chosen VPN provider before you make a long term commitment to them. Some offer a couple of days for a dollar or 2 while others will need you to commit for a month at around $10.

Try to set up the VPN on your router. I can assure you that you’ll probably have problems in the first instance, so hit up support early and often so you can gauge the type of response you’ll get ongoing.

My suggestions

From my tests I’d suggest VPN.AC and Kepard. Witopia would be up there if their T&Cs allowed you to host the VPN on your router.

In no way, shape or form would I suggest anyone use Private Internet Access or Proxy.sh if they needed a L2TP/IPSEC VPN on their router – life is too short to have to deal with incompetent help desks.

NordVPN can be veeeeeeeeeeeeeeeery slow at times.