About VPN services and anonymity on the Web
Friday, February 26, 2021
In this Anti-virus Times issue, we will talk about VPN. Many of our readers have probably heard about this technology: in recent years, the abbreviation VPN has become synonymous with secure online surfing.
The idea of digital anonymity was born when the Internet appeared and went hand in hand with evolving network culture. As the World Wide Web spread and more and more people connected to it, the issue of keeping transmitted information private became more important and gradually turned into a matter of personal safety. VPN technology (Virtual Private Network) became one way to exchange data securely.
VPN networks were not at all created for visiting banned sites, combating advertising trackers or hiding a user’s real location. Initially, it was business people who took note of this way of organising a network—VPN technology allowed them to establish a secure connection between separate local networks (such as remote company branches), using the physical infrastructure of the public network—i.e., the Internet. That allowed businesses to safely share files and manage secure communication channels.
Currently, VPN services are presented as a tool for anonymising user Internet traffic. Client applications and services for implementing virtual private networks make up a significant share of the high-volume software market, and commercial demand for these products is still growing. Of course, the main issues users are concerned about are: does a VPN provide sufficient security when I’m online? Does it protect the transmitted data? Does it hide my identity and activity from prying eyes? Let's get to the bottom of these questions.
When considering how a VPN operates, it’s impossible within the confines of this issue to go into detail; otherwise we would have to simultaneously learn the principles of networking, routing, TCP/IP operation and many other complicated things. Therefore, we will use simpler categories. As noted above, a VPN is a virtual private network. Let's define what a private network is. As an example of a private network, let's take a simple local network: a phone, a computer and your router, which is the gateway to the "outside world"—another network or the Internet. But what is a virtual network then? One suitable definition is: a network of devices that are not directly connected with each other but are linked over other networks with the help of software tools. It becomes clear that VPN technology allows users to connect geographically dispersed devices as if they were in the same private network, while the Internet infrastructure is used to transmit information. In other words, a VPN is a network over a network. The very essence of a VPN's operation gives the end user the following practical advantages:
- the user’s device is connected virtually to the desired local network;
- the Internet traffic and user location are hidden from outsiders due to tunnelling and encryption.
Before analysing each item individually, let's see how a VPN connection is built using a common implementation called Remote Access. This principle of constructing a virtual private network is used by operators of VPN services to connect customers to their servers, and by employers to connect their remote employees to companies' local networks. To establish a connection, special software is used—it creates a virtual network adapter on your computer and rebuilds the routes for traffic flow in accordance with the necessary parameters. Depending on the route, packets go through the created virtual adapter. Then, via the virtual channel, packets are sent to the VPN server, which can geographically be located anywhere in the world.
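The route rebuilding described above can be checked with a longest-prefix lookup, shown here as an added example that is not from the original article. The interface names (`eth0`, `tun0`), the addresses (documentation and private ranges) and the route layout are constructed assumptions about how a full-tunnel client might arrange its routes.

```python
import ipaddress

# Constructed sample values: documentation/private addresses, hypothetical interfaces.
VPN_SERVER = "203.0.113.10"

BEFORE = [  # (destination prefix, outgoing interface) before the VPN client starts
    ("0.0.0.0/0", "eth0"),         # default route via the home router
    ("192.168.1.0/24", "eth0"),    # local network
]

AFTER = BEFORE + [  # routes a full-tunnel client might add (assumed layout)
    ("0.0.0.0/1", "tun0"),         # these two halves together cover every
    ("128.0.0.0/1", "tun0"),       # address and are more specific than /0
    (VPN_SERVER + "/32", "eth0"),  # the tunnel's own outer packets stay on eth0
]

def pick_interface(table, dst):
    """Return the interface of the most specific (longest-prefix) matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def outside_tunnel(table, destinations, tunnel="tun0"):
    """List destinations whose packets would leave without passing the tunnel."""
    return [d for d in destinations if pick_interface(table, d) != tunnel]

if __name__ == "__main__":
    dests = ["198.51.100.7", "10.20.30.40", "192.168.1.50", VPN_SERVER]
    for d in dests:
        print(f"{d:15} before={pick_interface(BEFORE, d)} "
              f"after={pick_interface(AFTER, d)}")
    print("not tunnelled:", outside_tunnel(AFTER, dests))
```

The local network and the VPN server's own address stay on the physical adapter by design; any other destination appearing in the "not tunnelled" list would indicate traffic bypassing the tunnel.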
You have probably guessed what it is that helps conceal the end user's location. Let's take another look at the created virtual data communication channel: your PC—a virtual gateway located in another country (a VPN server)—the requested resource. When using this channel, to all sites and destination servers you will appear to be a user from the country that has jurisdiction over the VPN server that is serving you. Thus, you’ve hidden your real location and can now visit blocked resources and see banners in another language, while advertising trackers will receive irrelevant information about you.
Now let's see how security and traffic anonymisation are organised. The virtual data communication channel between your device and the VPN server is called a tunnel. Why is it so difficult for a third party to analyse the traffic passing through this tunnel? Encapsulation, authentication and encryption mechanisms are used to protect the data when a protected virtual private network is created. Here is a visual analogy.
There is an open data communication channel. It is a transparent tunnel, and we can see how "trains with wagons" (packets with information) are going along it. When we create a virtual connection, another tunnel is laid through this transparent tunnel—this time a non-transparent tunnel. An outsider cannot track the fact that "the train" is passing through the tunnel. The process of "packaging" one transport channel into another transport channel is called encapsulation. Encryption, in turn, prevents an unauthorised recipient from unloading the wagons passing through the non-transparent tunnel. Finally, authentication is the process of verifying the recipient’s identity. Thus, all traffic passing through the tunnel theoretically cannot be analysed from "the outside".
It would seem that this is it—digital anonymity and complete security. But, unfortunately, using a VPN cannot guarantee this. To begin with, the VPN operator, and only the operator, can see and analyse such traffic if necessary. Of course, using a VPN eliminates all intermediaries—potential intruders, sniffers, agents of the world’s various intelligence agencies, and other dubious persons, but the question of confidence in the VPN service operator remains relevant. Does it really not keep logs? Does it sell personal customer data? How does it monetise its services? Ordinary users surely cannot answer these questions; all that they can do is rely on the operator's honesty.
Another thing to bear in mind: even if your location and traffic are fully hidden from intermediaries, a VPN connection will not provide you with absolute anonymity. When working on the Internet, the user inevitably leaves identifying traces that allow his or her identity to be revealed after some factors are analysed and compared. As a rule, they are of a social nature and are based on a user’s online behaviour. Therefore, neither Tor nor a VPN, and especially not proxy anonymisers, will give a 100% guarantee of online anonymity.
We should also mention the popular extensions for browsers that can supposedly fully replace VPN solutions. Today, there exist plenty of both paid and free plugins that allow users to change their location or hide traffic from prying eyes with just a single click. However, we do not consider these products to be a true realisation of VPN technology. Some of them provide encryption and anonymisation for your Internet traffic but do not connect your device to the operator’s virtual private network, essentially acting as proxy services with additional features. In addition, browser extensions work only with browser traffic and do not encrypt all Internet connections.
You should bear in mind that a VPN exists as a variety of different software implementations, and depending on the application, it can use different network protocols, topology, routing, software and encryption algorithms. In this regard, it is impossible to see how different operators’ solutions work. Marketing has firmly filled this gap, so the average user often has to wonder just what technology is hidden behind an advertising wrapper and whether it is secure.
The Anti-virus Times recommends
- Using a VPN is generally a reliable way to keep cybercriminals from seeing that data is being transferred.
- Choose services that have a reliable reputation and provide full VPN connectivity.
- A VPN allows users to protect their data while working via public Wi-Fi networks.
- Always remember the risks and show discretion because a VPN cannot turn you into a "ghost".
- Some resources monitor VPN connections and block them—for example, flight booking portals and content platforms.
- Free VPN services have a number of restrictions, but the worst thing is that they are monetised through embedded ads. In addition, there is no guarantee that your personal data won't be sold.
- A VPN operator is able to see your traffic, but you cannot personally verify its working methods. Therefore, you should choose a service carefully.