In articles where I explained what KODI is and how to jailbreak a fire stick, I’ve recommended using a VPN or virtual private network for various privacy and security reasons. In this article, I want to go into detail on what a VPN is, and how to choose the best VPN service for your purposes. This article covers most of what one needs to know to choose the best VPN service for their needs. Recommendations of VPNs to try are at the end of the article.
Update: We’ve also covered the information in this article on the Grounded Reason Podcast. That episode is below.
What is a VPN
A VPN, or virtual private network, extends a private network’s access to remote computers over the internet. The remote computer, also known as the VPN client, appears to the outside world as if it is part of that network. Many who telework will use a VPN to access their employer’s network. When the teleworker’s computer connects to the internet, it appears to be on the employer’s network, just as if it were physically attached to the employer’s network.
Typically, a home internet user will have a LAN or local area network. That LAN is attached to your internet service provider’s (ISP) WAN or wide area network. When communicating over the internet, the home user’s LAN communicates through their ISP’s WAN. Therefore the ISP is privy to all the information transmitted in and out of the home user’s LAN.
However, when using a VPN service, the home user makes a secure encrypted connection to the VPN. Thus, all the information bypasses the home user’s ISP and is instead handled by the VPN’s ISP. A quality VPN will filter out any information about the home user to keep them as anonymous as possible.
Reasons to Use a VPN Service
While I covered this topic a bit in Why You Should Use a VPN Service, I will briefly go into the various use cases for a VPN. However, I personally feel everyone should use a VPN these days.
Unblocking Website Content
As a cord cutter, this is the main reason I use a VPN. A lot of live content, movies and TV shows are only viewable in certain countries or general locations. Typically, this is due to outdated licensing agreements. IP addresses are associated with a location in the world. Using that information, service providers will block computers from a county, state, or locality if they aren’t covered under the licensing agreement. This technique is typically referred to as “geo-blocking.”
Since a VPN user appears to be a part of the VPN network, the VPN user’s IP address has the location information of the VPN. A VPN in a given location will provide access to all the content viewable in that location.
For example, in the U.S., Major League Baseball blacks out games from their online streaming service in the viewer’s local market. This is due to an archaic licensing agreement conceived prior to the prevalence of streaming media. Having a VPN service that allows you access to a VPN in another state will get around that inconvenience.
The user is still paying MLB to watch the games. They are simply gaining access to the games they want. While this violates the EULA (end user licensing agreement), the user is paying to watch the content. This same technique can be used to watch U.S. based content when Americans are abroad.
Similar to how MLB blocks a game based on locality, Netflix provides different movies and TV based on country. Again, this is due to complex and archaic licensing agreements. However, the right VPN in that country will provide access to that country’s Netflix content. Netflix has been cracking down on this recently, but there are still plenty of VPNs that still unblock Netflix.
Securing Your Data Online
All VPNs encrypt data transmitted over them. The secure connection hides the user from their ISP so they appear to be originating from the VPN service’s network. This encryption provides the benefit of securing the data that is transmitted over the internet by the VPN customer’s computer or smart device. However, all encryption isn’t created equal. Later in this article I will explain what to look for when it comes to the encryption standard a VPN uses.
Using Public Wifi
Typically, coffee shops, hotels, and conferences will offer customers and attendees free wifi. When you use this perk, your information is available to everyone else attached to that network. However, VPN users can connect to their VPN when on public wifi. This encapsulates the VPN user and keeps them walled-off from all other clients on the network. This is one of the main reasons everyone should have access to a VPN.
Break Out of A Restrictive Network
Whether you are in an oppressive country that restricts internet access, dealing with security controls of a public network, or just want to do some gaming at work, a VPN is a way to do it. While I personally don’t use a VPN for any of these reasons, some may. I want to leave no use case unturned.
Cloaking VOIP Calls
Many folks use VOIP (Voice over IP) services like PhonePower, Skype, and OOMA to make phone calls. This is especially true of cord cutters as I addressed in my article on phone services for those without a cable bundle.
Unfortunately, unencrypted VOIP calls are easily captured and decoded. This leaves the VOIP user’s phone call listenable by almost anyone who actively wants to listen. A VPN with proper encryption can alleviate this issue.
Your Search History Isn’t Logged
Any time you do an online search with Google, Bing, or another search engine, that query is tied to your IP address. They also have the time you did the search. That is enough information to tie the search back to the user. A VPN service obscures the user’s IP address, thus it’s much more difficult to tie searches back to the user.
While most major use cases have been covered above, perhaps you just don’t want everyone to know what you are doing online out of principle. As I go into what to look for to find the best VPN service, some criteria will be more important than others based on the use case. People concerned with privacy in general should pay attention to all of them.
How to Choose The Best VPN
Before I go into the various features of a VPN and what to look for, I wanted to warn everyone about VPN review sites. I can confidently say the majority of them will be a waste of time for finding a quality VPN, mainly for the following 2 reasons:
- Every VPN user’s needs are vastly different. Therefore, it’s next to impossible to take a one-size-fits-all ranking approach to VPNs.
- VPN services make heavy use of affiliate marketing. This means the website gets paid a commission from the VPN provider for each referral that ends in a sale.
That isn’t to say affiliate marketing is inherently untrustworthy. However, it’s so prevalent in VPN service marketing, it’s hard to separate the honest reviews from those wanting to make a buck.
This website uses affiliate marketing to keep the lights on. However, I only affiliate market for products I’ve used, trust, and support. For instance this site is paid a commission when you use IPVanish as a VPN service.
Furthermore, while I use IPVanish, it doesn’t mean I recommend IPVanish for every use case. I personally use them because they have servers in almost every country I can think of. This is handy when it comes to unblocking geo-blocked content. They also have solid encryption and good speed. While they have these strengths, they may not be best for your purposes.
As I cover the various factors to look for in a VPN, some factors will apply to all VPN users, some factors will apply to most, and some to only a few. While I’ll go into detail, here is a brief breakdown of what matters when choosing a VPN.
What to Look For in a VPN
- Vital Factors
  - Uses OpenVPN
- Important for minimal privacy
  - Level of Logging
  - DNS and IPV6 factors
- If you’re a hardcore privacy advocate
  - Level of surveillance in country where VPN is based
  - Jurisdiction of country where VPN is based
- Other Factors that may matter
  - Number of devices at one time
  - Locations of VPN
Encryption predates computers by a few centuries. It is simply a way to encode a message using a cypher or key. A famous way to do this prior to computers was for each party to have the same exact copy of a published book. You could then pass messages changing each letter of the message to a three digit page – line – position cypher. The receiver of the encoded message would translate each three digit combination to a letter using the page, line and position on that line to decrypt a letter.
While this is cumbersome, the only way to “crack” the message would be to know the exact edition of the book. This was a very secure way to pass messages prior to computers. Modern encryption involves a cypher as well. Today, it’s just much more sophisticated algorithms based on an old technique.
Before I tell you what encryption standards you should look for in a VPN I wanted to give a high level background on how encryption works. To do this, you should be aware of the two general types of encryption. Those are symmetric and asymmetric encryption.
In symmetric encryption, each party has the same key, which is used to encrypt and decrypt messages, so it’s very fast. The problem is how one computer passes the key to another computer securely. That’s where asymmetric encryption comes in.
In asymmetric encryption, each party has a public key and a private key. Each party’s public key is shared with everyone. Message senders use the receiver’s public key to encrypt and send a message to the receiver. Only the receiver’s private key can decrypt messages made with their public key. Since no one else has access to the receiver’s private key, only the receiver can decrypt the message.
Also, a private key can’t be derived from a public key. If it becomes possible, then that encryption standard isn’t secure. While this is a near perfect way to send encrypted information, this method is slow due to the large keys used to keep the standard secure.
Encryption Standards to Use
The solution to the speed vs security issue is to pass a symmetric encryption key over asymmetric encryption. This is called a secure handshake. Using the two encryption models together provides both speed and security.
A VPN provider should offer a handshake encryption algorithm of either RSA-2048, RSA-4096, or DH-2048. Those are asymmetric standards.
As far as the symmetric data encryption, make sure they are using AES-128 or AES-256.
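The handshake described above, as an added example that is not part of the original article: textbook RSA on a toy modulus stands in for RSA-2048, and a SHA-256 counter keystream stands in for AES, so the sketch runs on the Python standard library alone. The function names and key sizes are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy RSA key pair built from two known Mersenne primes. The modulus is only
# about 150 bits, far below the RSA-2048 minimum recommended above, and there
# is no padding: illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never leaves the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES: XOR data with a SHA-256 counter keystream.

    The same call encrypts and decrypts, which is what makes it symmetric.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_send(message: bytes, server_public=(N, E)):
    """Client: pick a session key and wrap it with the server's public key."""
    n, e = server_public
    session_key = secrets.token_bytes(16)                     # 128-bit key
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # slow, tiny input
    return wrapped, keystream_xor(session_key, message)       # fast, bulk data


def server_receive(wrapped: int, ciphertext: bytes, private_exponent=D) -> bytes:
    """Server: unwrap the session key with the private key, then decrypt."""
    key_int = pow(wrapped, private_exponent, N)
    session_key = (key_int % 2**128).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)
```

Only the small wrapped key goes through the slow asymmetric step; everything after that uses the fast shared key.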
Solid encryption is one of the most important factors for VPN users. The other important factor is the VPN protocol. I recommend you go with a VPN service that provides OpenVPN.
OpenVPN is a VPN protocol. VPN protocols establish a secure tunnel with your VPN service provider. OpenVPN is open source, which means it’s freely available for security experts to audit and improve. The free availability of the source code helps ensure vulnerabilities are patched quickly. Choose a VPN that supports OpenVPN. It’s arguably the most secure VPN protocol available. I would avoid using any other protocol.
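One way to check a provider’s OpenVPN client profile against the cipher advice above (added example, not code from the article or from the OpenVPN project): it reads the cipher, data-ciphers, ncp-ciphers, proto and remote directives from a .ovpn file. The function name and both sample profiles are constructed for illustration.

```python
# Ciphers the article accepts: AES with a 128- or 256-bit key, in any mode.
ACCEPTED_PREFIXES = ("AES-128-", "AES-256-")

# Constructed sample profiles; host names use the reserved .example TLD.
GOOD_PROFILE = """client
dev tun
proto tcp
remote vpn1.provider.example 443
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-CBC
"""
WEAK_PROFILE = """client
dev tun
; legacy profile
remote vpn2.provider.example
cipher BF-CBC
"""


def audit_ovpn(text: str) -> dict:
    """Return the ciphers, endpoints and findings for an OpenVPN client profile."""
    ciphers, remotes, proto = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        directive, *args = line.split()
        if directive in ("cipher", "data-ciphers", "ncp-ciphers") and args:
            ciphers += args[0].upper().split(":")   # lists are colon-separated
        elif directive == "proto" and args:
            proto = args[0]
        elif directive == "remote" and args:
            port = args[1] if len(args) > 1 else "1194"   # OpenVPN default port
            remotes.append((args[0], port, args[2] if len(args) > 2 else None))

    findings = []
    if not ciphers:
        findings.append("no cipher directive: cipher depends on version defaults")
    for name in ciphers:
        if not name.startswith(ACCEPTED_PREFIXES):
            findings.append(f"cipher {name} is outside the AES-128/AES-256 list")
    # A per-remote protocol overrides the global one; OpenVPN defaults to UDP.
    endpoints = [(host, port, p or proto or "udp") for host, port, p in remotes]
    return {"ciphers": ciphers, "endpoints": endpoints, "findings": findings}
```

A finding here means only that the cipher is not on this article’s list; the handshake key size lives in the provider’s certificates and is not visible in these directives.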
Choose a service that specifically states that they do not keep logs, AND which types they do not keep. This is typically stated in the VPN service’s terms of service. If it isn’t stated, buyer beware. Make sure the VPN service provider doesn’t keep ANY kind of activity or connection log with any of the following pieces of information.
- Does not log DNS requests
- No Logging of Timestamp
- Does not log IP Address
Do they have an anonymous payment method? You may not want to provide them with any information that may link back to you if you want to remain private. If this is a concern, you may want to make sure they accept payment methods like gift cards, Bitcoin, or cash.
They shouldn’t ask for any information aside from an email. Even that should be one that’s not connected to you. In fact, I would register an email address specifically to use for logging into your VPN. Ensure that there is no personal information associated with that account.
DNS and IPV6
A DNS is a domain name server. When you type “Google.com” into a browser, a DNS server translates “Google.com” into an IP address so it can be routed over the internet. Make sure the VPN service has its own first party DNS server. Computers are chatty; they send a lot of information that isn’t visible to you. The VPN provider should be configured to discard a lot of that data, however they may not be. You can use DNS Leaks to test how much information is available from your VPN’s DNS.
The typical IPV4 address is the one you are most likely familiar with. It takes the format of xxx.xxx.xxx.xxx. Aside from location, there isn’t much information to be gleaned from an IPV4 IP address. However, an IPV6 IP address contains much more information. Make sure the VPN is blocking your IPV6 information from going to their ISP. You can test that as well.
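An added example, not from the original article, that evaluates the output of a leak test: it flags DNS resolvers outside the VPN provider’s networks and IPv6 addresses that escaped the tunnel, and shows one thing an IPv6 address can carry that an IPv4 address cannot, a hardware MAC address embedded by EUI-64 addressing. The function names, the input shape and all addresses (reserved documentation ranges) are assumptions.

```python
import ipaddress

# Constructed leak-test results using reserved documentation address ranges.
VPN_NETWORKS = ["198.51.100.0/24", "2001:db8:ffff::/48"]
SEEN_RESOLVERS = ["198.51.100.53", "203.0.113.8"]
SEEN_ADDRESSES = ["198.51.100.77", "2001:db8:1:2:211:22ff:fe33:4455"]


def embedded_mac(addr: str):
    """Return the MAC hidden in an EUI-64 IPv6 address, or None.

    EUI-64 interface identifiers (RFC 4291) insert ff:fe in the middle of the
    MAC address and flip the universal/local bit of the first octet.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return None
    iid = ip.packed[8:]                  # low 64 bits: the interface identifier
    if iid[3:5] != b"\xff\xfe":
        return None                      # random or privacy identifier
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def evaluate_leak_test(resolvers, public_addrs, vpn_networks):
    """Flag resolvers and IPv6 addresses that lie outside the VPN's networks."""
    nets = [ipaddress.ip_network(n) for n in vpn_networks]

    def outside(addr):
        ip = ipaddress.ip_address(addr)
        return not any(ip.version == n.version and ip in n for n in nets)

    return {
        # A resolver the VPN does not operate saw your lookups.
        "dns_leaks": [r for r in resolvers if outside(r)],
        # An IPv6 address outside the tunnel, with the MAC it exposes (if any).
        "ipv6_leaks": [(a, embedded_mac(a)) for a in public_addrs
                       if ipaddress.ip_address(a).version == 6 and outside(a)],
    }
```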
Surveillance and Jurisdiction
Some countries in the world are better than others when it comes to internet privacy, censorship, and surveillance. There are a lot of countries in the world, so going into detail on each one is outside the scope of this article. However, there is a handy Wikipedia article that covers how privacy friendly various countries are.
If this is of concern to you, pick a VPN based in a country that is friendly to internet privacy. You may also want to look into the informational jurisdiction of particular countries. Some countries have reciprocity agreements in place to share information with other countries. Those countries are referred to as Five Eyes, Nine Eyes, and Fourteen Eyes. The number indicates how many countries are involved in the agreement. Here is a breakdown of those countries:
- Five Eyes – Australia, Canada, New Zealand, United Kingdom, and the United States
- Nine Eyes – Five Eyes plus Denmark, France, the Netherlands, and Norway
- Fourteen Eyes – Nine Eyes plus Germany, Belgium, Italy, Spain, and Sweden
I’m mentioning this so you keep in mind how your private information online can cross international borders.
You don’t need to worry about this unless you are trying to bypass a restrictive network, or trying to hide what you are sending. However, if this is of concern to you, the following VPN features may be of interest. Be aware that each of these features includes overhead that will impact speed.
Multi-hop: This routes traffic through multiple VPNs in multiple countries. This offers a layer of privacy protection as your traffic path crosses multiple jurisdictions. Someone targeting your traffic to discover who you are would need the information from each country’s VPN to track your traffic.
TCP Port 443: This is the port “HTTPS” traffic is passed over. Therefore, it’s typically a secure open port on most firewalls. Forwarding your VPN traffic through port 443 is a simple way to break through many networks.
Obfsproxy: This proxy transforms VPN traffic into more “innocent looking” traffic.
SOCKS Proxy: SOCKS is a specific proxy server that establishes a tunnel with a client to send secure information. It’s yet another lock that needs to be broken on your information.
SSL and SSH Tunneling: SOCKS and port 443 are tunnels established with SSL and SSH respectively. There are other ways to do this. Check with the VPN features to see if they offer more methods of tunneling to obscure your traffic.
Other Important Factors
Geo-Blocking: If you care about watching content in other countries and locations, then you need to make sure they offer VPN servers in those locations.
Number of Connections: While many VPNs do not have a limit, you want to check to see if they do and whether it covers all the devices you want to use on the VPN.
P2P Blocking: If you use peer-to-peer file sharing or torrents, you want to make sure the VPN service doesn’t block P2P.
Speed: Using a VPN takes a little bit of overhead. Run a speed test to see how much speed you are losing. You can find one by searching “internet speed test” in Google. You want to make sure there is no bandwidth cap.
Price: Prices vary on VPN service providers. Generally expect to pay no more than $10 per month. Also check to see if they offer a free trial or refund period. It will allow you to test everything we’ve covered in this article.
VPNs to Try
IPVanish – This is the VPN I use. I find it to be a good balance between privacy and the ability to unlock content. They are fantastic at location coverage with over 60 countries. They meet all the privacy standards from a technical standpoint. However, they are based in the United States, which is a Five Eyes country.
Mullvad – Great for privacy with the exception of being in Sweden, a Fourteen Eyes country. They have servers in less than 20 countries so they aren’t great for unlocking content. Another drawback is they limit connections to 3 clients.
BlackVPN – This VPN would be perfect if it wasn’t for their IPV6 configuration. It tends to be a little leaky. Like Mullvad they lack decent coverage for unlocking content, and also limit the client connections to 3.