Proxy and VPN

From BoyWiki

A proxy is a server that routes connections in order to provide some additional service such as security, anonymity, or information processing. A common use is to connect to a proxy in order to mask one's IP address from a web server. There are thousands of proxy servers available, but many of them may not be trustworthy. One of the most secure system of proxies is Tor, a protocol for onion routing, the tor proxy is made up of three different proxy servers located in different countries, in order for an attacker to find out who is behind a website request he would have to get access to all servers and get hold of the logs, which are not meant to be kept by tor operators.

VPN (Virtual private network)

A VPN is a single hop proxy that is considerably faster than tor and that is its main advantage. A VPN is not as secure as Tor and there have been instances in which people using a VPN to commit a crime have been arrested. When choosing a VPN, to minimize the risk of your privacy being compromised one should look for a company that does not keep connection logs for too many days and it is located offshore (i.e. not in your country of residence). Nearly all VPNs claim not to keep logs about the websites you visit but they do not specify anything about connection logs, it is not necessary to know what websites you visit to track you down, only connection logs, time and date of connection and what IP was assigned, are needed.

VPN vulnerabilities

A very common VPN vulnerability is that the server sometimes will disconnect and show your real IP, this will be unexpected and there is little protection against it. One rough trick you can use to notice a VPN disconnection is to stream online music while you surf the Internet, for example listening to Pandora radio, when the VPN disconnects the music will stop playing, another way to stop accidentally exposing your IP is choosing a company that has VPN software with IP binding, Security Kiss has such feature, when IP binding has been activated it will stop your IP leaking out.

A second VPN vulnerability is a DNS leak, before you can access a website its URL needs to be resolved, DNS is used for this, by default you will be using your ISP DNS servers to resolve addresses, if your DNS leaks it would be possible to find your Internet provider by looking at that DNS name, although your computer IP would still be hidden. DNS leaks are sometimes patched by your own VPN provider but not always, if you use a VPN you can check if the DNS leaks visiting the DNSleaktest in external links. You can manually prevent DNS leaking changing your DNS resolver to a free one like Comodo Secure DNS, OpenDNS is another free DNS provider.

To completely avoid VPN disconnections revealing your computer IP the best one can do is to use an SSH tunnel instead of a VPN, unlike VPNs, SSH tunnels do not route all of your Internet traffic, they work on per application bases, when an SSH tunnel goes down your browser will not work and your real IP will remain secret until the tunnel is activated again. Privacy trends point towards VPNs, there are very few commercial SSH tunnel providers, some of them are VPNSecure.me, Cotse.net and Tunnelr.com

Understanding VPN logs

All VPN providers will advertise that they do not track users and do not log what sites they visit, but it is not necessary to keep a record of visited websites to track someone down, all that is needed is to keep connection logs detailing at what time and on what date a user had the specified IP, these are the kind of logs that proxy and VPN providers keep, connection logs. Websites servers log accurate visitors time and dates, if for example, a VPN provider receives a complaint from Yahoo that someone posted a political comment on a specific date and time using a particular IP belonging to that VPN company, all that is needed for the VPN company is to look at the connection logs and see who had that IP that day on that time matching it with a real person.

If a VPN company receives a request to match one of their assigned IPs with a user and the VPN only keeps logs for a few days they can easily reply that nothing is available, a VPN provider is not an ISP and they are not required by law in the US or Europe to keep connection logs. Many Internet Service Providers, depending on jurisdiction, have a legal duty to keep connection logs, many other ISPs voluntarily keep them, when you use a VPN the Internet Service Provider will not be able to record what activities you are doing over the Internet other than seeing that you are connected to a VPN and nothing else will leak.

Free VPN providers

Free VPN services can be used to get around Internet filters and light privacy, free VPN services are financed either selling your data to advertisers or giving you a limited bandwidth amount with the hope that the user will get tired of limitations and upgrade to their paid for version.

Companies providing free VPN access tend to have vague privacy policies for these services, paid for VPN providers are more keen to emphasize in their FAQ how long for they keep logs, their business does not rely on selling advertising but in selling privacy, it is essential for privacy activists when using a VPN to select a provider that keeps logs for as few days as possible, free VPN providers can be suitable for privacy if they clearly state on their FAQ what kind of logs they keep and how long for, one should play the paranoid card too and not automatically assume that everything a company claims without proof is true, it is best to go for well established companies, long standing companies are more likely to get caught lying if they have been operating for years than a new out of the blue VPN provider.

See also

External links