Recent events have sparked rumors and allegations that have made many question the anonymity of VPN services. While it has always been a known fact that some services offer deeper levels of protection than others, the validity of all such services is now coming under fire. Indeed, online privacy as we know it is at its end – but that’s just as we know it. The new question everyone is asking is whether web users really can benefit from using a VPN.
What About the NSA?
Over the last couple of years, there’s been a lot of coverage (much of which amounts to nothing more than petty speculation) about the capabilities of the United States’ National Security Agency (NSA). Part of what sparked the attention, whether positive or negative, that has been directed towards the NSA is the revelation of the group’s efforts to decode the encryption services that protect user privacy online – chief among them, VPN, SSH, IPSec and SSL.
VPN has become a key point of focus for the NSA after Edward Snowden’s 2014 video discussion at the SXSW conference. In his comments, Snowden remarks that internet users should use the web under the protection of encryption to protect themselves from prying eyes, such as those of the NSA. This has created somewhat of a frenzy for VPN service providers – each of which is trying to prove that their own VPN can stand up to this intrusion.
Choosing the Right VPN Provider
If it is important to you that you’re able to peruse the web without any outside supervision, then you need to be very selective when considering your VPN services provider. Here are some of the key questions you should be asking:
1. Do you own your network or use a third-party?
Organizations running on someone else’s infrastructure have no true way of knowing if server logs are monitored. They also tend to be less responsive to customer needs or concerns, as they must still operate at the mercy of the actual service provider for many support needs.
2. Where is your company based?
Municipalities, states and nations may all impose different legislation at the hands of their governing bodies. Businesses operating within these jurisdictions are legally required to comply with this legislation.
3. To what relevant local legislation is your organization required to adhere?
Find out how your potential VPN service provider is impacted by the local laws and what it may mean for you as an end user.
4. Will I be given a new IP address?
There is absolutely no reason a VPN service provider would not provide you with a new IP address.
5. How frequently will my IP address change?
Many services frequently change the IP addresses they assign to you to make it harder to track your online activity. Some even offer dynamic user IPs.
6. Where will my new IP address be based?
Most VPN users request an IP address somewhere other than the place that they are physically located. Just remember that many ecommerce websites (just like SemoWeb!) will tag transactions as fraudulent if your reported IP address and billing address don’t jive.
7. Can my new IP address’s SWIP information be traced back to you?
IPv4 addresses are assigned and monitored by a governing body known as ARIN. Most of today’s web utilizes IPv4 (with some webmasters transitioning to IPv6) and most ISPs provide regular updates to ARIN about how IPv4 is being used. This data is shared in the form of SWIP (Shared WHOIS Project) reports. In fact, ARIN requires SWIP data from any ISP who is responsible for 5 or more contiguous IP addresses. That means there’s a good chance that your online activity is going to be reported back to ARIN.
8. Do you store traffic logs?
Some VPN service providers do not store any traffic or server activity whatsoever. This means there’s no danger of the security of such logs being compromised. Other providers, however, do keep a close eye on their server activity. As a prospective user, you will want to find out how long these logs are stored and by whom they may be accessed.
9. How easily can your traffic logs be accessed?
Some VPN service providers who do keep traffic logs actually make the log access readily available to basically anyone who asks. Using this information, that party may be able to piece together user activity.
10. Who is able to request access to my traffic logs?
The ideal answer here would be “no one, because they don’t exist” but that isn’t always the case. If it isn’t, you want to know who may be granted access to your server information.
11. Does my ISP (Internet Service Provider) have the right to access my traffic history?
The answer here is likely to fall under the local legislation umbrella. Just as service providers are subject to the laws in their area, so too are service subscribers. That means that the possibility exists for access to some user data to be subject to requests from certain entities.
12. Does my employer have the right to access my traffic history?
See question #11.
13. With which third parties do you share client information?
You cannot trust a VPN service provider to protect your web anonymity if you know they’re sharing your personal information with marketers and advertisers. The answer to this question will tell you a lot about the people you’re considering doing business with.
14. How is the information you share with third parties used?
See question #13.
Ways to Enhance Your Anonymity
Even if your VPN provider is not one of those that has stood up to decryption efforts by outside parties, you can still enhance your online anonymity by building out a robust encryption key. Regular updates to this key will are also sure to help ensure that it will not be decoded. It’s also critically important not to over-share in publically-accessible mediums, such as forums, blogs, social media networks or instant messaging platforms. The most effective way to keep your information private is simply to keep your information private!
It’s also important to remember that groups behind decryption efforts are generally targeting specific users, businesses or known groups. As with many things in life, if you aren’t doing anything to draw attention to yourself, you probably don’t have anything to worry about.