Safer Internet: Connection: Use a VPN

Summary | Choosing | Configuration |
References: General | Android | Government | iOS |
Products/Reviews | macOS | Windows


Summary

  • [1] Choose and Configure a Virtual Private Network (VPN) to connect to the Internet:
  • To keep info extra private or secure:
    when your device (or remote site) lacks the latest security updates
    -- https: (normally secure) might be vulnerable,

    or when communicating insecurely with a site via plain (unencrypted) http:
    -- block ad injections/tracking by ISPs,

    or when you're on an open, public, insecure non-WPA Wi-Fi network
    (including Wi-Fi with a widely distributed password, e.g., coffee shop -- though https: is usually enough)
    -- avoid MITM (man-in-the-middle) attacks from nearby,

    or when using a foreign cell carrier or SIM card (whose encryption might be compromised),

    or when plugging into a public ethernet jack, e.g., hotel cabling and/or switches may have been compromised.
  • If travelling, esp. internationally -- avoid monitoring and bypass content/service blocking,
    e.g., [1] location-based "geofencing", e.g., streaming services, banks? [2] government censorship of sites/apps
  • Potential disadvantages: configuration, slower, sites may detect/block VPN access
  • diagramHow much of connection is encrypted / anonymous?
    {Figure 4. TCYOP-4: 60; TCYOP-3: 48}
  • Connection between you and the VPN uses your IP address
    -- everything is encrypted.
  • Connection between VPN and destination site uses VPN's IP address
    -- content still encrypted, if https: used initially
  • Site does not see original IP address -- however, anonymity not guaranteed
    if government or hacker can obtain VPNs server logs
  • [1] Reduce monitoring/logging by network providers (ISPs, cell companies) and governments
  • If not using a full VPN, at least encrypt web address (DNS) lookups?
  • "1.1.1.1 Faster Interet" (free Cloudflare app; iOS, Android) uses a VPN
    to enable faster more secure DNS lookups (only) -- not content) (section: WiFi: DNS)
  • [2] If working remotely -- company info very attractive to hackers/spies
  • [2] Reduce recording of your searches by search engines, e.g., Google
    -- there are easier ways, e.g., see :Browsing:Search Privately
  • [3] For more anonymity (IP address), see Browsing:Anonymity, e.g., Tor, TAILS
  • [3] If you're a high-profile target: dissident, whistleblower, executive, celebrity, wealthy, cryptocurrency speculator, ...
  • [3] Supplement your firewall protection
  • References

Choose a VPN Service

  • paid version vs. free (ads, limits)
  • performance -- it can be somewhat -- or a lot -- slower
  • company experience, longevity, privacy policy, trustworthiness
  • anonymity decreased by server logs?
  • network reliability, availability
  • bandwidth/transfer limits
  • configuration ease & support
  • trustworthiness & accuracy of product reviews
    -- there are many mediocre or bad services; don't choose only because of an 'incredible' (life-time) price.
  • country of company's servers and operations?
    some believe their government can't obtain their logs if a VPN company is based 'offshore';
    if ownership and security policies of a VPN are not transparent, can you trust that it isn't run by a government agency, or ?
  • Joe's recommendations {TCYOP-4: 60-61; TCYOP-3: 49-50} -- all platforms, unless otherwise noted
  • [1] Free, ad-supported, usage caps, e.g., Hotspot Shield; privacy risk?
  • [1] Free, specific browser, e.g., Opera; Mac, Win
  • quick[1] Paid services/subscriptions:
  • Cargo VPN (Mac-only)
  • Encrypt.me (formerly Cloak)
  • Disconnect Premium; browser only? includes other privacy and security features
  • IVPN
  • personalVPN / WiTopia* (also: jumpthewall.net);
    Why Use a VPN?; Why We're the Best VPN;
    [1] And, iOS, Mac, Win; [2] others -- on right: "Quick Connect" screen;
    *if you subscribe to personalVPN, please use this referral link (or code: Q8Hg3YRM)
    -- you'd receive an immediate 15% discount, and Steve receives a similar credit!
  • Private Internet Access (PIA)
  • [3] NordVPN; also routes your connections through Tor
  • [3] Hardware VPN router, e.g., WiTopia Cloakbox Pro, e.g., for all home devices

setting iosConfigure and Use a VPN Service

  • Example personalVPN (Witopia): all platforms: apps & manual setup
  • personalVPN apps available: Android; iOS; macOS, Windows
  • others (manual setup): Chromebook, Fire, Linux, Surface, etc.
  • In app, login using separate VPN username and password
    -- different from main account credentials.
  • iOS: Settings > VPN; right: configurations: "1.1.1.1" & personalVPN
  • other macipad otherInstead of default (Quick) connection, change to
    a gateway/server in a different country or specific city,
    e.g., on right: iOS and Mac screens
  • [2] comparison of protocols;
    setup: IPsec; L2TP; IKEv2;
    [3] OpenVPN/OpenSSL most secure/customizable;
    [3] PPTP older, not recommended

References

Android

Government

iOS

macOS

Products / Reviews

Windows