We’ve all seen the depths to which governments across the world will go to get their grubby little hands on your private data. Often illegally!
The Prism surveillance program, XKeyscore & the recently mooted Australia metadata retention program are all cases in point. Yep, that’s Australia’s elected Attorney General there!
If you think that the spooks and federal, state & local police aren’t trawling through your information without a warrant (Canada, Romania, France, US) then quite frankly you are a moron and you shouldn’t be allowed to use the Internet.
So what can you do to protect yourself?
Most decent routers allow you to establish Virtual Private Networks (VPNs) that encrypt your data and then send that data to somewhere else on the planet.
Without a VPN your data leaves your PC, goes through your router to your ISP and pops out in your own country and this is where your local spooks and cops are slurping up your data for analysis.
With a VPN the data that they slurp up is gibberish. It’s encrypted which makes it difficult (but not impossible mind you) for them to read.
How to setup a VPN?
This all depends on the capabilities of your router. There are 4 or so major VPN “standards” and you’ll need a router that supports one of more of them.
OpenVPN
OpenVPN is an open source project that implements a quite robust VPN protocol and it is supported by pretty much every VPN provider on the planet. Quite easy to setup and keep running. Downside is that you normally need to install a special firmware (DD-WRT or Tomato) on your router to get this capability and not all routers support this special firmware.
IPSEC
IPSEC is an Internet standard for the encryption and authentication of the data packets on the Internet. There are slightly different variants depending on whether you’re doing site-to-site VPNs or setting up a teleworker to dial into your network.
A very secure protocol but can be a hassle to setup correctly due to the number of knobs that can be tweaked. Things like NAT can cause you much grief.
L2TP/IPSEC
L2TP by itself does not give you encryption so is pretty much useless by itself for protecting your communications. But when L2TP is coupled with IPSEC you end up with a relatively good level of security for your Internet communications.
L2TP/IPSEC is a good trade off of simplicity and capability.
PPTP
PPTP is NOT considered secure anymore. Do not use unless you absolutely have to and nothing too confidential is flowing through the VPN. Probably OK for torrenting.
Are all VPN providers created equal?
In a word NO!
The technical capabilities of the VPN provider, the support experience and network speed all come into play when selecting a provider. You might also be concerned with how you can pay for your VPN – some providers allow you to pay with anonymous gift cards if you’re that paranoid.
I recently upgraded to a Draytek Vigor 2860 router. I’ve been quite impressed with it in the short time I’ve been using it. The 2860 supports dial-out VPNs, load balancing & failover VPNs, and policy based routing that allows you to select what data goes out via the VPN and what data go out direct to your ISP. You have have upto 32 VPNs configured.
During my travels I’ve seen that VPNs don’t all live up to their marketing hype. While all the providers below say on their webpage that they support “L2TP/IPSEC” your results can vary widely. For example, 2 of the providers below will quite happily establish an L2TP/IPSEC connection without the encryption turned on! Completely useless as a VPN to protect your identity and information.
VPN Provider | Supports L2TP/IPSEC | Support Quality | Comments |
---|---|---|---|
Witopia | Yes, with AES encryption and SHA1 Authentication | I've only needed to use support once and it was fast and efficent | Downside is that technically you're not allowed to setup Witopia VPNs on routers. |
NordVPN | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Great so far - highly recommended |
Private Internet Access | Yes, but NO ENCRYPTION | Poor and slow. Their L1 support staff are useless. They skim through the e-mail and then cut and paste an answer that doesn't help | Avoid at all costs |
Proxy.sh | Yes, but NO ENCRYPTION | Poor and slow - a question that I placed 7 days ago still hasn't been answered or acknowledged. | Avoid at all costs |
Kepard | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Great so far - highly recommended |
vpn.ac | Yes, with AES encryption and SHA1 Authentication | Worked straightaway - have had no reason to speak to support yet | Seems good so far |
My advice
Try your chosen VPN provider before you make a long term commitment to them. Some offer a couple of days for a dollar or 2 while others will need you to commit for a month at around $10.
Try to setup the VPN on your router. I can assure you that you’ll probably have problems in the first instance so hit up support early and often to you can gauge the type of response you’ll get ongoing.
My suggestions
From my tests I’d suggest VPN.AC and Kepard. Witopia would be up there if their T&Cs allowed you to host the VPN on your router.
In no way, shape or form would I suggest anyone use Private Internet Access or Proxy.sh if they needed a L2TP/IPSEC VPN on their router – life is too short to have to deal with incompetent help desks.
NordVPN can be veeeeeeeeeeeeeeeery slow at times.