How to use a VPN for online security and privacy

istock/ImilianEverywhere we go on the internet, someone is watching. Sometimes this is intrusive but not necessarily malicious, like ad networks tracking browsing habits to better target their marketing. But it can be someone up to no good, like a hacker monitoring a public Wi-Fi hotspot or a government spying on its citizens.

Because of this and many other reasons, protecting your privacy online is important. And one of the best ways to do that is using a Virtual Private Network (VPN) to encrypt your home or mobile broadband connection.

What is a VPN?

A VPN is an encrypted connection through which you can access the internet to prevent eavesdroppers monitoring your activity and hide your identity from web sites.

Even your ISP cannot peek inside a correctly configured VPN; all they will see is a stream of encrypted traffic terminating at the VPN provider’s servers. VPNs are especially useful if you need to access sensitive information on a connection you don’t trust, such as a public Wi-Fi hotspot. It is shockingly easy to intercept traffic over a network, so if you’re planning on doing some banking, shopping or work in a coffee shop it’s a very good idea to use a VPN for protection.

Additionally, any sites or services you access when connected to the VPN will not see your true Internet Protocol (IP) address, which grants some level of anonymity. It also allows access to geographically restricted services, such as the US version of Netflix, or sites blocked by an ISP.

The limits of a VPN

As useful as they are, VPNs aren’t a perfect solution to total online security. There are some important points you need to keep in mind when connecting through an encrypted tunnel. We spoke to Daniel Kim at VPN provider Private Internet Access to find out more about the limitations of a VPN and what you can do to protect your privacy.

Anonymity is fleeting

“Logging in to personally identifying websites will render any anonymity/privacy service useless given many of these kinds of websites also double as tracking hubs of web activity”, says Daniel.

While sites and services you access when connected through the VPN may only see the IP address of the VPN server, they’ll know who you are if you do anything which personally identifies you. Cookies can give away your identity too. “Private mode should most definitely be used to avoid tracking cookies.”.

"There are methods for more advanced users (like multiple VPN hops), but these do come with limitations".

You have to trust the VPN provider

When using a VPN you’re placing a great deal of trust in the service provider. Although the link between you and the VPN server is encrypted it is still possible for the connection to be monitored by the VPN operator.

“While against policy and principal, it certainly would be possible for a VPN to partake in said efforts”, says Daniel. “There are a few major points that VPN users can look for to be extra certain of their privacy. For example, Private Internet Access is a verified VPN provider, with court records showing PIA has zero logs”.

Do some research before handing over money. Read their privacy policy, check the company’s background, read reviews and user’s opinions and search for news articles which could reveal red flags. A particularly useful resource is the annually updated feature from TorrentFreak which examines the privacy policies of many popular VPNs.

Be especially cautious with free services. They may be trying to make money in other ways, such as injecting advertisements in web pages. Read their privacy policies and terms of use carefully.

Broadband speed will take a hit

As well as the privacy and security concerns, accessing the internet through a VPN will impact broadband speed. File transfers will take a longer time and even web browsing can be noticeably slower.

For the best speed prioritise servers by location and try switching servers if it gets particularly sluggish. Peak time traffic can have a major impact, so choosing a server in a different time zone can improve performance.

You should also take advantage of trial periods and free access to test the speed of a provider before signing up.

How to use a VPN

The exact steps for using a VPN may differ slightly each time depending on how the service operates. Below are a few examples which should cover the majority of providers.

VPNs often require payment, though free options are available and may be perfectly sufficient for your needs depending on how you’re planning to use it.

Opera browser VPN (free)

Opera recently introduced a free VPN service that’s integrated into their browser. This is very easy to use, however it does only encrypt the web browser session rather than an entire internet connection. That means it won’t work with other applications or services on your computer, so your identity could still be easily revealed. But if you simply need a quick way to privately access a web site or circumvent a block this will do the job.

1. Download and install the developer version of Opera (it’s coming later to the public release).

2. Click Menu > New private window.

3. In the private window click the VPN icon in the left side of the URL bar. Click Enable to activate the VPN.

4. To change the location of the VPN server, click the virtual location drop-down menu. This is necessary if you find a site is geo-blocked or you need to access the specific geographical version of a service (Netflix USA, for example).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

TunnelBear (free & premium)

TunnelBear offers both a free and premium service. It’s extremely simple to use as they provide a no-nonsense desktop application for Windows and Mac, as well as Android and iOS software and browser extensions for Chrome and Opera. The free version is limited to just 500MB data transfer per month however, which restricts it to very light usage unless you’re willing to pay. Unlimited access starts at $4.16 per month.

1. Go to www.tunnelbear.com. Click Download to grab the client for your system.

2. Run the TunnelBear client installer and follow the installation steps.

3. When asked to login you can choose to enter account details if you already have them, or create a new account. A valid email address is required.

4. Once logged in the VPN client will initialise. You can connect right away simply by pressing the On/Off toggle. Pay attention to the information screen for connection status messages.

5. To swap to a server in a different region, choose a country from the drop-down list. The change will take a little time depending on your broadband speed and the speed of the TunnelBear servers.

6. Click the cog icon and choose Settings to access the configuration menu. Under the General tab you can enable ‘Vigilant’ mode, which will block internet access in the event the VPN is disconnected (for more info on this important feature see 'kill switches' below). Use 'TCP override' if the connection is particularly slow or unreliable. There is also an option to connect automatically on “unsecure Wi-Fi networks”, and ‘Ghostbear’ mode for connecting in countries like China with unusually restrictive internet access.

 

Private Internet Access (premium)

PIA is an advanced premium VPN service with servers located all around the world. Compared with something like TunnelBear it's not quite as simple to use (though still fairly easy) but offers far more options and boasts strong privacy protection. The PIA privacy policy states they do not keep logs, and while that is not a unique claim for VPNs theirs is unusual for having been tested in court. Prices start at $3.33 per month (when paying annually) for unlimited access.

In addition to native applications for Windows, Mac OS, Linux, iOS and Android, PIA will also work with any device which supports standard VPN protocols, so it can be setup on routers and other hardware even when no client application is available. Our brief guide here goes over the Windows setup procedure, but the support is comprehensive so you should have no problem getting it up and running on other systems.

1. Download the PIA client software from https://www.privateinternetaccess.com/pages/client-support/ and run the installer. If you want to use PIA without the client software (like configuring a VPN on your router for example), see the ‘Other Guides’ section.

2. After installation the application will launch and prompt for a username and password. You can also choose whether to start the app automatically, connect automatically and specify a server region.

3. For more options, click Advanced. Here you’ll find the settings for a kill switch and DNS leak protection. Clicking the Encryption button will also allow you to configure security levels for the VPN, though this should not be necessary most of the time. The defaults are recommended but you can read up about the options in detail on PIA’s support pages.

4. To connect, right-click the PIA icon in the system tray and either click Connect to use the automatic server selection, or choose a specific region from the list.

VPNBook (free)

VPNBook is an entirely free VPN service which comes without usage restrictions. However, unlike many other VPN providers VPNBook does not offer a pre-configured software client. Instead you must manually configure the software for your chosen operating system. This makes it a little more complex to setup, but also very flexible as it will work on any device which supports standard VPN protocols.

The steps below cover Windows, though you can easily find instructions for other operating systems and hardware, including mobile devices and broadband routers.

1. Browse to https://openvpn.net/index.php/open-source/downloads.html and download the OpenVPN installer. Follow the installation steps, using the default options. You may also need to approve installation of the OpenVPN network adapter.

2. From http://www.vpnbook.com/freevpn download any of the OpenVPN certificate bundles for the region(s) you wish to use for your VPN connection. Also make a note of the username and password (VPNBook change this every couple of weeks).

3. Open the certificate bundle Zip file(s) and extract the contents into the Config folder of your OpenVPN directory (by default on 64-bit Windows this is located in C:\Program Files\OpenVPN).

4. Run the OpenVPN GUI application. It will appear in your system tray. To connect, right-click the icon and select one of the servers listed (which will correspond to the certificate packages), click connect and enter the username and password. There are various protocol types available through VPNBook. Try TCP 443 first, but if you have difficulty connecting select the UDP options.

5. To disconnect go back to the OpenVPN GUI and click disconnect in the options for your current VPN server.

Using a VPN - kill switches and DNS leaks

If you’re aiming for complete security when using a VPN you’ll need to be aware of DNS leaks and the need for a kill switch. What are they? Read on.

DNS leak

In order to protect your privacy all internet communications on your computer or other device must go through the encrypted VPN connection. But in some situations there’s the chance of a ‘DNS leak’ which could expose your identity.

Domain Name Servers (DNS) translate web addresses into the unique IP addresses which identify devices on a network - your computer requests access to a domain and the DNS provides the IP. But when using a VPN it is possible the connection will continue using the DNS operated by your ISP (which is logging activity) rather than the anonymous DNS of the VPN.

Many VPNs now have DNS leak protection built in, but before using the connection visit www.dnsleaktest.com. This will run a brief test which will show whether the service is vulnerable. If the test fails (and there is no leak protection built into the client) try applying some of the fixes and test again.

VPN kill switch

If the VPN disconnects for any reason while in use your security could be compromised as it will default back to the regular unencrypted internet. To prevent this a kill switch can be used to block all communications outside of the VPN. If the VPN link goes offline the kill switch locks down internet access until it’s re-established.

VPN service operators are beginning to integrate this into their client software (like the ‘Vigilant’ mode in TunnelBear, above) but if it isn’t available there are third-party tools.

VPNetMon is a free tool which is designed to target specific applications, shutting them down if the VPN link is lost. Another option is VPNCheck, which is available in free or premium editions. The free version doesn’t do much that isn’t offered by VPNetMon, but the Pro upgrade enables the option to lock down the entire network connection rather than individual programs.

An alternative free solution is the IP leak protection from VPN.ac. This is a slightly clunky but effective approach which utilises a Windows batch file; run the .bat each time you connect to the VPN and press ‘1’ to enable the kill switch or ‘2’ to disable it.