How to Choose a VPN for Digital Privacy and Security
Everybody’s snooping on your internet traffic. Here’s how to stay hidden.

Why You Need a VPN—and How to Choose the Right One

Most people think of VPNs as tools to use when you're away from home. If you use a VPN, the internet service provider will not be able to see what you're reading, viewing, or shopping for online. The traffic coming to and from your computer will be linked to just one source—the VPN company.

So the decision to use a VPN should be easy. But choosing a service? Some VPNs protect you better than others. And certain ones might gather up the details of your online activities and sell them to other companies on their own.

The most obvious place to use a VPN—the classic example nearly every expert cites—is the coffee shop with free WiFi. Even if the WiFi network is password-protected, that password is accessible to everyone else, too. While many websites do encrypt traffic, someone snooping would still be able to capture metadata, such as which sites you're accessing. In addition to masking your identity and encrypting your data, some VPNs will stop advertisers and other third parties from collecting information about you.

Nunnikhoven recommends picking a VPN that supports your computer and your mobile devices with the same account. And, he says, VPN connections that are always on, or initiate with just a click, are better than ones that require you to enter log-in credentials each time you want to go online. A good example, says Joshua Konowe, chief strategy officer for Silent Circle, which specializes in secure communications, is TunnelBear.

The company has connection spots in 20 countries, and your machine will automatically connect to the closest available point. That minimizes the distance your data has to travel and reduces potential slowdowns. Remember, when you use a VPN, your data has to make an extra stop along the way. TunnelBear also subjects itself to independent security audits and publishes the results, Konowe says. It also scores points for not logging any user activity.

A good VPN provider will offer all of the above options. You should also check the pre-shared keys they use for those protocols, since many VPN providers use insecure and easy-to-guess keys. Accept nothing less than a diverse stable of servers in multiple countries. You might be thinking: ISP throttling is one of the reasons many people turn to VPN networks in the first place, so paying extra for a VPN service on top of your broadband bill just to get throttled all over again is a terrible proposition.

Avoid VPNs that impose bandwidth restrictions unless the bandwidth restrictions are clearly very high and intended only to allow the provider to police people abusing the service. Finally, read the fine print to see if they restrict any protocols or services you wish to use the service for. Many of the largest VPN providers will tell you as much: Although some VPNs will note that they keep logs for a very minimal window, such as only a few hours, in order to facilitate maintenance and ensure their network is running smoothly, there is very little reason to settle for anything less than zero logging.

You heard us right on that last bit: You could buy a gift card to any number of big box stores using cash, redeem it for VPN credit, and avoid using your personal credit card or checking information.

In addition to meeting our outlined criteria and exceeding our expectations for quality of service and ease of use, all of our recommendations here have been in service for years and have remained highly rated and recommended throughout that time. StrongVPN is a great choice, as it meets the needs of both power users and casual users alike. If you want more granular control or need to manually configure devices like your router, you can follow one of their many guides for different operating systems and hardware to do it manually.

Additionally, StrongVPN maintains no server logs. There are servers in basically any country you can imagine, and they are big enough to be able to handle a lot of customers. If StrongVPN and SurfEasy are like a solid mid-class sedan, TunnelBear is more like the econo-car (if you buy a TunnelBear subscription) or the city bus (if you use their generous free program).

The free TunnelBear service offers up to MB per month. The free account is limited to a single user, while the premium account enables unlimited bandwidth for up to five computers or mobile devices. Unlike the previous two recommendations, however, TunnelBear has a firmer stance against file sharing activities and BitTorrent is blocked. The VPN Comparison Chart can help you determine what is considered strong by the color coding on these fields.

Be sure that the service has the type of encryption you want available BY DEFAULT: some services will technically offer strong encryption, but it has to be manually configured, which is not user friendly. When you start to search for services and are browsing on their websites, there are some additional items you may want to consider. Best case, this is an abuse of power by companies stretching the limits of their ideas on how to gather this info; worst case, it can be used to intentionally violate your privacy and tie your device back to the site and activity performed on it.

Choose a company that respects your privacy enough to use few if any persistent or external tracking cookies. If they are already violating your privacy the moment you visit their site, you have no assurance that they will take your privacy seriously after hiring them to represent your interests. Available for years, HTTPS allows websites to entirely encrypt all data sent and received with the user, effectively blocking out those that might try spying on such web traffic.

Choose a service that encrypts their website with an SSL Certificate. Additionally, CloudFlare, Incapsula, and similar services have recently become popular with websites for their DDoS protection and dynamic bandwidth scaling. Many of the points made above are relevant to security as well as privacy, and I will point some out below. Jurisdiction, specifically Enemies of the Internet, is important to be aware of, to ensure an environment where laws are enforced and the physical security that we take for granted in some parts of the world is applicable to the servers we communicate with.

This also helps indicate that our service and the servers we connect to are located in places that respect internet freedom. IPv6 should be specifically tunnelled or blocked outright the same as with the privacy scenario above.

Both data and handshake encryption should be strong and available for the protocol you choose (which, again, should not be PPTP).

Other protocols are probably secure enough for daily use. Note that no protocol is bulletproof and exploits probably exist and are discoverable for each and every one of them.

Such exploits are even more discoverable by governments with vast amounts of resources. If your only concern is escaping geoblocks, your needs are far less numerous. Being able to connect to an exit node in the country of your choice is really the only requirement. Some parts of the world are resisting the ever-growing ability for their citizens to freely share information and as such have implemented roadblocks in their networking infrastructure to cripple such communication.

Other networks belonging to large corporations or maybe even your Internet Service Provider may restrict you from using certain ports, limiting what you can use the internet for. However, there are ways to get around these restrictions by using the right VPN. The VPN Comparison Chart shows which services support which of these protocols and features in their configuration.

The idea with a Kill Switch is that when the VPN loses its connection, it completely prevents the device from using the internet, thus preventing accidental leaks of local connection data. Kill Switches are implemented very differently and will never be secure due to their design. There are two main types of kill switches: those that shut down preconfigured apps in response to detecting that the VPN connection has dropped, and those that disable the network connection, delete routes, etc., if they detect a disconnection.

In both of these cases the Kill Switch component has to react to an event, which very often leads to leaks: just a single packet is all it takes to compromise your privacy.
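Because a reactive kill switch can leak in the window before it responds, the property to verify is that the packet filter itself fails closed, for IPv4 and (per the earlier point about IPv6) for IPv6 as well. The following is an added example, not code from the original guide: a Python check over `iptables-save` / `ip6tables-save` output, where the interface `tun0`, the endpoint `203.0.113.10` and port `1194` are constructed assumptions.

```python
import ipaddress
import shlex

def audit_output(save_text, vpn_if, vpn_endpoint=None):
    """Return findings for the OUTPUT chain of an iptables-save/ip6tables-save dump."""
    findings, policy = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith(":OUTPUT "):
            policy = line.split()[1]          # ":OUTPUT DROP [0:0]" -> "DROP"
        if not line.startswith("-A OUTPUT "):
            continue
        tok = shlex.split(line)
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in ("-o", "-d", "-j")}
        target = opts.get("-j")
        if target in ("DROP", "REJECT", "LOG"):
            continue                          # cannot let a packet out
        if target != "ACCEPT" or "!" in tok:  # jumps to other chains, negated matches
            findings.append(f"needs manual review: {line}")
        elif opts.get("-o") in ("lo", vpn_if):
            continue                          # loopback or inside the tunnel
        elif vpn_endpoint and "-d" in opts and (
            ipaddress.ip_network(opts["-d"], strict=False)
            == ipaddress.ip_network(vpn_endpoint)
        ):
            continue                          # the tunnel's own carrier packets
        else:
            findings.append(f"ACCEPT outside the tunnel: {line}")
    if policy != "DROP":
        findings.append(f"OUTPUT policy is {policy}: packets flow while the tunnel is down")
    return findings

# Constructed samples (interface tun0, endpoint 203.0.113.10, port 1194 are assumptions).
FAIL_CLOSED = """*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT"""
LEAKY = """*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT"""
V6_OPEN = "*filter\n:OUTPUT ACCEPT [0:0]\nCOMMIT"   # ip6tables-save with no rules

if __name__ == "__main__":
    for name, text in (("fail-closed", FAIL_CLOSED), ("leaky", LEAKY), ("ipv6", V6_OPEN)):
        print(name, audit_output(text, "tun0", "203.0.113.10"))
```

An empty result means every permitted outbound path is loopback, the tunnel interface, or the tunnel's own endpoint; the check is static and does not follow jumps into user-defined chains, which it reports for manual review instead.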

The only way to be absolutely certain that packets cannot leak is for there to be an independent component (the firewall) that blocks all packets unless destined for the VPN interface.

In theory, if such an event occurred forcing them to compromise their principles, they would stop updating the canary, which in turn would indicate to users that their data is no longer private. Note that not all companies use effective warrant canaries. There is some debate among experts as to the effectiveness of a warrant canary to begin with, as force can be used by governments to coerce companies into maintaining them, thus nullifying their effectiveness.

They are usually nothing more than marketing theater. If a company WAS operating a good canary, it would be almost impossible to tell.

I hope that this guide has been useful. If you like the project and find my work useful, please consider donating — your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh. However, transparency comes before trust.

More on Trust

As a lawyer represents your legal interests, a VPN service among others represents your privacy interests.

More on Affiliates

In the main section at the beginning of this guide, I talked about affiliate practices, so I will only briefly mention it here.

Jurisdiction

In the last few years, certain revelations have been made manifest regarding the mass surveillance programs of various countries around the globe.
