We have all seen adverts for VPN – Virtual Private Networks online, or on the radio or in print. Usually accompanied with images of a hacker poised to steal your digital identity and gain access to all your bank accounts! It’s always shown to be scary stuff – fear sells maybe. But what exactly is this about? Does it work, and are there any differences between VPN’s and VPN providers?
What does a VPN do?
A VPN establishes a custom network connection between two points on the internet. It’s worth mentioning at the very outset that this custom link may, or may not be encrypted. With most modern VPN systems, it almost certainly will be, but it’s not to be presumed.
The new link can be used for all, or just some, of the network traffic. If you are going to rely on a VPN for security it’s going to be necessary to know exactly which bits of the communication are using this VPN link or not. The majority of VPN solutions are designed to be simple and plug-and-play, and provide little – if any – information about what is being done, or how.
The whole field of VPN connections is highly technical so if necessary I’ll try and use analogies that should be more or less sufficient, but apologies to anyone who’s more confused as a result!
A change of authority
At the most basic level, a VPN allows you to change the identity of the controller who dictates how your internet service is handled.
When you connect a mobile device to the internet, the provider that is enabling your internet – your mobile phone company, or your broadband provider, or the owner of the hotel where you are staying, or the people at Starbucks whose WiFi you’re connecting to.
It goes without saying that if you’re entrusting someone with your internet connection and data safety – you need to know who that person or organisation is. If they’re prepared to divulge their identity to you, then you have a be better chance of reasonable security than with a VPN provider you couldn’t contact if you tried.
Remember, no VPN makes you anonymous. It just changes who knows who you are. By registering with a VPN provider and then browsing you are potentially exposing more personal information and habits than before you signed up.
Anonymity is not always good
If you are opting to trust an anonymous VPN provider with your details and data and security, over and above a known provider that’s a massive red flag. There are many ‘free’ VPN providers whose apps you can download in seconds and use without divulging your details. Really, don’t!
If a person in obvious disguise offers to take all your letters to your recipients free of charge to help you bypass the royal mail, I presume you would see the mistake before the worst happened. When malign actors visit the ParentShield website from behind a VPN they stand out like a sore thumb. Being ‘normal’ is by far less suspicious!
Do you even want to be anonymous?
If you are using a VPN to log into Facebook, Google, your bank, your email etc. the party at the far end obviously needs to know it’s you. But they also know it’s you, wearing a balaclava, and sunglasses, fake wig and put-on squeaky voice.
Chances are the very measure you thought might make your internet banking more secure, will result in failed transactions, locked accounts, extra security measures. Using a reputable hotel’s WiFi would be far less suspicious to all concerned.
The VPN might not even be doing things
In a lot of cases, VPN will simply, not work. There are many ways for the VPN to be badly configured, or for an internet provider to set out to thwart your VPN’ing activities.
It could be that your VPN is working for some services – https, or http but other services like DNS – the actual domain lookup ‘directory’ service could still be provided by the provider you are plugged into – giving then a handy list of every website you are visiting, dates and times. While they may not be able to know what you did or saw there, chances are that’s pretty irrelevant.
If it’s an unsecured WiFi – as it happens the one I’m using at a well known holiday resort that the weather cannot spoil – then not only can their IT department access a browsing history, so could the person sitting nearby with a laptop or even mobile phone.
Be confident with the configuration
So knowing that you’re using a VPN is one step, but actually being sure that it’s using secure encrypted name servers and known protocols is something else.
Applications like Skype have to ‘just work’ so they’re made to probe the internet to establish a successful route to the far end. If your VPN blocks one set of ports, or allows them through, its quite possible that Skype will find another way around – circumventing your VPN.
IPv4 or IPv6
Most people have heard ( probably in the advertising guff of VPN vendors ) that when you connect to the internet you are given a unique Internet Protocol or IP address. It’s not actually necessarily unique but it’s there. To cut a log story short, the world has been running out if addresses for a while. There are only 4,294,967,296 possible “original style” addresses, and what with every fridge and doorbell now wanting a piece of the addressing action, they’re all used up.
Most VPN’s, and many mobile phones even, pre-date the replacement of this old-style 32 bit IP address and aren’t guaranteed to work seamlessly with ‘IPv6’ which is the new addressing system currently running side-by-site the old ‘IPv4’ We don’t talk about IPv5 it’s like those cousins that you see at weddings but are otherwise never referred to.
We haven’t seen any IPv6 connections directly from SIM-Only or contract phones, but it will come. With over 80 million mobile phones in use in the UK it’s easy to see why. There are smartphones in use that were made 10 years ago and designed 5 years before that, so support is going to be patchy.
IPv6 has a 128bit address space and unwieldy IP addresses that look like half a telephone directory. The fact that the two systems are now both in play means that it’s possible for older phones or VPN to be bypassed and connected IPv6 – making the VPN, non-existent.
Good reasons for using a VPN
- To change your ‘apparent’ location – Geotagging
- To mitigate against MitM – “Man in the Middle” attacks
- To add an encrypted layer on top of a weak or unencrypted local connection
- To bypass blocks put in place by the local or network service provider
DNS – the Domain Naming System
When you connect your mobile phone to the internet via a mobile phone contract, it’s necessary, every time you visit a website – actually many hundreds of times – to convert the ‘name’ of the website to it’s IP address. For Example, this website: parentshield.co.uk translates to:
IPv4: 81.128.160.192
IPv6: 2a00:2381:f58:100:ae1f:6bff:fe27:56d4
This means your computer connecting to a DNS service and making these translation requests. The DNS service needs to know where to return the information, and needs to know what websites you are visiting.
It’s a trivial job to use this portion of an internet session to know what websites are being visited. Even if the web-pages themselves are encrypted, the destinations are known.
Bad reasons for using a VPN
- To try and be ‘anonymous’
- Because you can!
- To be guaranteed safe from attacks
- To pretend to be someone else
While there are ways of doing this – or of selecting DNS servers that are in your circle of trust, it’s not necessarily in the interest of service providers to let go of this service. If the name servers are untrustworthy it’s also very easy of them to return ‘spoofed’ versions of the sites you want to visit. The site that looks like your Bank’s home-page, could potentially be something, even less desirable.
Very few people will be running their own DNS so delegating this service to an unknown, and therefore untrusted, VPN provider is questionable.
VPN on a child’s Phone
In the context of a child’s mobile phone – one with parental controls – it’s possible to use a VPN to circumvent restrictions. This can be done by downloading or installing a VPN application, or just using the phone’s built-in VPN capability.
You can even do it by visiting ( I won’t list any here! ) one of many websites that will provide the service ‘in browser’. If your child appears to be accessing content that would normally be being blocked by your parental control settings then this is something to be checked out.
If you are restricting access to websites, then it’s important that you also restrict the ability to install apps, as it’s a trivial playground-level operation to download and install a VPN app -particularly a dangerous and free one.
You will also need to restrict access to system settings to prevent VPN access using the phone’s native VPN stack.
None of these services, it goes without saying, are recommended, but it’s where the Internet has taken us.
Use a VPN wisely and with Caution
in summary – if you’re not that tech savvy, a VPN may well be a bit of a mistake – or certainly not do what you thought it was going to do.
Don’t use a ‘Free’ VPN that promises anonymity. There is no free lunch, and your anonymity and security is at the very bottom of these folk’s care-about list.
Connect to the internet with caution and be sure it’s a provider you can trust.
