Safer Internet: Connection: Use a VPN

Summary | Choosing | Configuration |
References: General | Android | Government | iOS |
Products/Reviews | macOS | Windows

Summary

• [1] Choose and Configure a Virtual Private Network (VPN) to connect to the Internet:
• To keep info extra private or secure:
  when your device (or remote site) lacks the latest security updates
  -- https: (normally secure) might be vulnerable,
  
  or when communicating insecurely with a site via plain (unencrypted) http:
  -- block ad injections/tracking by ISPs,
  
  or when you're on an open, public, insecure non-WPA Wi-Fi network
  (including Wi-Fi with a widely distributed password, e.g., coffee shop -- though https: is usually enough)
  -- avoid MITM (man-in-the-middle) attacks from nearby,
  
  or when using a foreign cell carrier or SIM card (whose encryption might be compromised),
  
  or when plugging into a public ethernet jack, e.g., hotel cabling and/or switches may have been compromised.
• If travelling, esp. internationally -- avoid monitoring and bypass content/service blocking,
  e.g., [1] location-based "geofencing", e.g., streaming services, banks? [2] government censorship of sites/apps
• Potential disadvantages: configuration, slower, sites may detect/block VPN access
• How much of connection is encrypted / anonymous?
  {Figure 4. TCYOP-4: 60; TCYOP-3: 48}
• Connection between you and the VPN uses your IP address
  -- everything is encrypted.
• Connection between VPN and destination site uses VPN's IP address
  -- content still encrypted, if https: used initially
• Site does not see original IP address -- however, anonymity not guaranteed
  if government or hacker can obtain VPNs server logs
• [1] Reduce monitoring/logging by network providers (ISPs, cell companies) and governments
• If not using a full VPN, at least encrypt web address (DNS) lookups?
• "1.1.1.1 Faster Interet" (free Cloudflare app; iOS, Android) uses a VPN
  to enable faster more secure DNS lookups (only) -- not content) (section: WiFi: DNS)
• [2] If working remotely -- company info very attractive to hackers/spies
• [2] Reduce recording of your searches by search engines, e.g., Google
  -- there are easier ways, e.g., see :Browsing:Search Privately
• [3] For more anonymity (IP address), see Browsing:Anonymity, e.g., Tor, TAILS
• [3] If you're a high-profile target: dissident, whistleblower, executive, celebrity, wealthy, cryptocurrency speculator, ...
• [3] Supplement your firewall protection
• References

Choose a VPN Service

• paid version vs. free (ads, limits)
• performance -- it can be somewhat -- or a lot -- slower
• company experience, longevity, privacy policy, trustworthiness
• anonymity decreased by server logs?
• network reliability, availability
• bandwidth/transfer limits
• configuration ease & support
• trustworthiness & accuracy of product reviews
  -- there are many mediocre or bad services; don't choose only because of an 'incredible' (life-time) price.
• country of company's servers and operations?
  some believe their government can't obtain their logs if a VPN company is based 'offshore';
  if ownership and security policies of a VPN are not transparent, can you trust that it isn't run by a government agency, or ?
• Joe's recommendations {TCYOP-4: 60-61; TCYOP-3: 49-50} -- all platforms, unless otherwise noted
• [1] Free, ad-supported, usage caps, e.g., Hotspot Shield; privacy risk?
• [1] Free, specific browser, e.g., Opera; Mac, Win
• [1] Paid services/subscriptions:
• Cargo VPN (Mac-only)
• Encrypt.me (formerly Cloak)
• Disconnect Premium; browser only? includes other privacy and security features
• IVPN
• personalVPN / WiTopia* (also: jumpthewall.net);
  Why Use a VPN?; Why We're the Best VPN;
  [1] And, iOS, Mac, Win; [2] others -- on right: "Quick Connect" screen;
  *if you subscribe to personalVPN, please use this referral link (or code: Q8Hg3YRM)
  -- you'd receive an immediate 15% discount, and Steve receives a similar credit!
• Private Internet Access (PIA)
• [3] NordVPN; also routes your connections through Tor
• [3] Hardware VPN router, e.g., WiTopia Cloakbox Pro, e.g., for all home devices

Configure and Use a VPN Service

• Example personalVPN (Witopia): all platforms: apps & manual setup
• personalVPN apps available: Android; iOS; macOS, Windows
• others (manual setup): Chromebook, Fire, Linux, Surface, etc.
• In app, login using separate VPN username and password
  -- different from main account credentials.
• iOS: Settings > VPN; right: configurations: "1.1.1.1" & personalVPN
• Instead of default (Quick) connection, change to
  a gateway/server in a different country or specific city,
  e.g., on right: iOS and Mac screens
• [2] comparison of protocols;
  setup: IPsec; L2TP; IKEv2;
  [3] OpenVPN/OpenSSL most secure/customizable;
  [3] PPTP older, not recommended

References

• {TCYOP-4: 59-66; TCYOP-3: 47-57; Recommendations, Beware VPN Review Sites, The Problem of End-to-End Privacy, Using a VPN Router, SSL Implementation Bugs and Issues, Avoid DNS Mischief}
• sections: Refs: Android; Government; iOS; Products/Reviews; macOS; Windows
• topics: censorship, China, IPSec, L2TP, PPTP, OpenVPN
• Wikipedia: VPN; proxy server
• Wikipedia: Tunneling Protocol; Internet Protocol Security (IPsec); Point-to-Point Tunneling Protocol (PPTP); Layer 2 Tunneling Protocol (L2TP); OpenVPN
• table: PPTP vs L2TP/IPSec vs OpenVPN
• HowStuffWorks: How VPNs Work
• dnsleaktest.com, ipleak.net check if IP address private
• Don't Fall for These 7 VPN Myths
  1. VPNs are mostly for illegal activity
  2. VPNs make you completely anonymous
  3. Free VPNs are just as good as paid VPNs
  4. VPNs speed up your internet
  5. VPNs can bypass any geo-restrictions
  6. VPNs are too complex to use
  7. VPNs protect against malware and viruses
  CNet; 11/9/2023
• 5 Reasons to Use a VPN CNet; 9/29/2023
• VPN Obfuscation: What It Is and Why You Might Need It CNet; 8/17/2023
• Why You Should Use a VPN When Booking a Hotel it's travel industry standard to use dynamic pricing, location is one of the many factors that affect prices
  -- one of the few you can control; LH; 8/9/2023
• Browser-Based VPNs: 3 to Try if You Want to Improve Online Privacy
  easier and speedier to use than typical VPNs (router, apps), these lightweight privacy boosts are handy to have around;
  Brave Firewall + VPN; Firefox Private Network; Chrome w/ a VPN extension; CNet; 10/7/2022
• What You Need to Know About Google's VPN
  if you pay for Google's cloud storage, you might be able to take advantage of it; Giz; 2/25/2022
• 3 companies control many big-name VPNs: What you need to know
  Kape Technologies Plc (Formerly Crossrider Plc): CyberGhost VPN (Crossrider), ZenMate VPN, Private Internet Access, ExpressVPN;
  Ziff Davis (Formerly J2 Global, Inc.): IPVanish, Strong VPN (Encrypt.me, ibVPN, SaferVPN);
  Nord Security (Tesonet): NordVPN, Atlas VPN, Surfshark;
  CNet; 2/5/2022
• Here's why you probably don't need to rely on a VPN anymore
  the widespread use of encryption has made public internet connections far less of a security threat, cybersecurity experts say; NBC; 12/31/2021
• A New Report on VPNs Shows They're Often a Mixed Bag for Privacy
  Consumer Reports white paper; Giz; 12/8/2021
• iCloud+ Private Relay explained: Don't call it a VPN
  'public beta' feature this fall for paid iCloud accounts;
  VPN differences: works only w/ Safari, not all traffic;
  easily identifiable as a 'proxy server' (VPNs usually aren't);
  can't hide your region; MW; 11/17/2021
• It’s Time to Stop Paying for a VPN
  more sites use https: and/or support MFA; NYT; 10/6/2021
• NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs 9/28/2021
• Can ISPs, Websites, and Your Boss Tell If You're Using a VPN? LH; 9/10/2021
• VPN Hacks Are a Slow-Motion Disaster
  recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown;
  Wired; 4/25/2021
• Is your VPN secure? How to make sense of VPN encryption PC; 3/24/2021
• Three VPNs popular with criminals and active for over a decade have had their servers and web domains seized by law enforcement from US, Germany, France, others safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers; ZD; 12/22/2020
• Researchers say seven Hong Kong-based 'no log; VPNs have left 1TB+ of user logs and personally identifiable info exposed on the internet Reg; 7/17/2020
• VPNs: 3 things they can't help you with Let you game at work without the boss knowing; Protect you from viruses and tracking; Get you online during an internet shutdown; CNet; 3/10/2020
• Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data Android: Free and Unlimited VPN, Luna VPN, Mobile Data, Adblock Focus; iOS: Adblock Focus, Luna VPN; BF; 3/9/2020
• NordVPN users' passwords exposed in mass credential-stuffing attacks Ars; 11/1/2019
• How to Protect Your Data in the NordVPN, TorGuard and VikingVPN Breaches LH; 10/22/2019
• Hackers steal secret crypto keys for NordVPN. Here's what we know so far Breach happened 19 months ago; Ars; 10/21/2019
• Cloudflare Launches Its Security-Focused Mobile VPN, Again WARP; Wired; 9/25/2019
• Opera 60 debuts with a free, faster VPN, and Netflix hasn't blocked it yet PC; 4/10/2019
• Cloudflare 1.1.1.1 with Warp Accelerates Internet Privacy 4/1/2019

Android

• Best Android VPN CNet; 10/9/2023
• The 5 best VPNs for Android PC; 6/17/2023
• 7 Android VPN apps you should never use because of their privacy sins Yoga, proXPN, Hola, oVPNSpider, SwitchVPN, Zoog, Seed4.Me; CNet; 9/9/2019
• Opera adds unlimited VPN service to its Android browser for free 256-bit encryption and no data logging; 3/20/2019
• Check if Your Android VPN Is Collecting Personal Data LH; 3/7/2019
• Facebook VPN that snoops on users is pulled from Android store Onavo Protect VPN (removed for iOS 8/2018); Ars; 2/22/2019
• How to Set Up Opera's Mobile VPN for Secure Browsing on Android LH; 2/7/2019

Government

• Russians Need VPNs. The Kremlin Hates Them Wired; 3/30/2022

iOS

• All iOS VPNs are worthless and Apple knows it, claims researcher
  long-time bug in iOS prevents any VPN from fully encrypting all traffic; ApIn; 8/17/2022
• Security researchers warn of scam VPN apps on iOS Buckler VPN, Hat VPN, Beetle VPN; fake reviews, expensive subscriptions; ApIn; 6/3/2020
• Researcher: a vulnerability affecting iOS 13.3.1 and later prevents VPNs from encrypting some traffic, potentially exposing user data or leaking IP addresses BC; 3/26/2020
• How to View VPN Connect Time on iPhone or iPad OSXD; 2/5/2020
• How to Delete a VPN from iPhone or iPad OSXD; 12/14/2019

macOS

• How to use a VPN on a Mac MW; 12/7/2022
• Apple has removed a controversial feature in macOS 11.2 beta 2 that allowed its own apps to bypass third-party firewalls, security tools, and VPNs ZD; 1/14/2021
• Apple apps on Big Sur bypass firewalls and VPNs TNW; 11/16/2020
• How to Delete a VPN Configuration from Mac OSXD; 2/2/2020

Products / Reviews

• Witopia sometimes is not listed in (paid) product reviews, or given a bad rating (possibly since based in US). Witopia Support responded to me: "Honestly we are not sure where they are getting a lot of their data from as it is not accurate. They are even giving a bad rating for companies that have offices in the USA which is odd. We have reached out to them many times to try and get them to correct the bad data but they refuse to reply or correct. We do not store any logs of users. We do not share data with other parties about your usage, sites, services etc. We do not limit anything (bandwidth, filters throttles etc)."; About; Why We Are the Best VPN
• Best VPN services: Reviews and buying advice for Mac users MW; 11/6/2023
• Best VPN service CNet; 8/28/2023
• Best Mac VPN CNet; 8/20/2023
• Best VPN Services: Reviews and Buying Advice PC; 8/10/2023
• The Best VPNs to Protect Yourself Online Wired; 7/9/2023
• TunnelBear 5.0.1 TB; 4/21/2023
• Best VPN Service NYT; 3/14/2023
• NordVPN review: A great choice for Netflix fans, but who's running the show? NordVPN has good performance, great features, and it suits novices and power users alike. But who is running the show down there? PC; 9/29/2021
• You Should Probably Stop Using ExpressVPN
  Kape Technologies (an Israeli technology firm with a controversial past) owns ExpressVPN, Private Internet Access (PIA), CyberGhost, ZenMate; Giz; 9/24/2021
• Which VPN Providers Really Take Privacy Seriously in 2021? 6/14/2021
• Is a free VPN safe? What to look for
  Who runs the VPN?
  What data does the VPN collect?
  What does the VPN do with your data?
  How does the VPN make money?
  How does the VPN secure your data?
  Best free VPNs to start with; PC; 3/15/2021
• Hackers are actively trying to steal passwords from two widely used VPNs Fortigate, Pulse Secure; Ars; 8/24/2019
• Risky free VPNs still available in Apple App Store & Google Play despite warnings AI; 8/13/2019
• Do You Trust Your VPN? Are You Sure?
  what's 'reputable'? US vs. offshore location/ownership? some VPNs are scams, shady/biased review sites, slow performance, ads; Slate; 2/28/2019

Windows

• Malwarebytes releases new VPN service for Windows Malwarebytes Privacy. in future: Mac, iOS, Android, ChromeOS versions; BC; 4/23/2020