According to a PC Magazine survey of 3000 US consumers conducted in late 2018, just over half had used a VPN.
Uses for a VPN
What do you think of when you hear the term Virtual Private Network (VPN)?
Many of us think of a VPN as being a method to connect to our workplace network in order to work from home. Using a company-provided VPN connection, the worker is able to connect to their work PC and access all its software through programs such as Remote Desktop. Thus the worker is able to do just about everything they could do on their computer in the office while remaining at home. Although it uses the internet to carry the network traffic, a VPN connection uses strong encryption, making it (at least in theory) impossible for someone to intercept proprietary corporate data.
A second popular use for a VPN is to secure communications when accessing an unencrypted WiFi network, such as a public hot spot. Public WiFi hot spots, such as those found in restaurants, motels, etc. are often unencrypted. Since data is transmitted “in the clear” over radio waves, it is fairly easy (and fairly likely where a large number of people are gathered together in one place) for a malicious third party to monitor. A decade ago, most web pages, and even some email services, used unencrypted (http) connections to transmit data. All someone would have to do is login to their Facebook account (for example) from Starbucks and have someone else within range of the WiFi network running a monitoring program. Their password would be instantly stolen. These days though, almost every social media and email site uses the secure http (https) protocol – at least for the exchange of login information – if not for the entire session. Thus there is less reason to use a VPN on a public network these days, although doing so does not hurt anything.
A third use for a VPN is to get around restrictions put in place by an Internet Service Provider (ISP). A residential ISP may throttle certain types of internet traffic (for example, sharing of large files such as videos). Using a VPN, the traffic is encrypted, that preventing ISP from knowing that it is a protocol that needs throttling. Another example would be an ISP that offers land line phone service as an add-on package to internet service. This ISP may block telephony traffic for VoIP protocols such as SIP, in order to get more customers for their land line service. Using a VPN, the protocol itself, as well as the content, is encrypted, thus allowing the provider’s restrictions to be bypassed. This is also important for users in countries such as China where access to certain sites may be blocked by the government. If the user is able to connect to a VPN located outside their country, they can browse the internet with all the freedom of a user located in the country where the VPN is located.
A fourth reason to use a VPN is anonymity. Let’s say someone observes an unsafe practice in their workplace, and they wish to report it. However, they feel they may be subject to retaliation if the comments can be traced back to them. If they attempt to send an “anonymous” email from home, that email will likely have their IP address in its headers. Knowing the IP address often allows the location of the sender to be narrowed down to a specific neighborhood. It may even reveal their complete identity, if they have ever identified themselves on the destination site before. It might be safest to use a public computer (such as one at a library for example). However, an acceptable layer of safety might also be provided by using a VPN service from home. Some people are just annoyed at personal data collection. They wish to remain anonymous to marketers, so when they search for information about the latest new gadget their friend is talking about they don’t start getting bombarded by ads for this product on the web going forward. By using a VPN, marketers are no longer able to correlate their IP address to someone potentially interested in the product.
Many employers (particularly in Information Technology jobs) provide a VPN for their employees. Perhaps the employee is expected to be able to investigate problems that occur outside regular working hours (i.e. be “on call”). Perhaps it is a perk to the employee to be able to “work from home” on certain days of the week using the VPN.
Commercial providers cater to other VPN needs described above by selling access to VPNs. A typical rate is from $5 to $20 a month. Most providers allow the user the choice of dozens or even hundreds of servers, located throughout the world, in order to keep their location and identity private.
Connecting to a VPN
In order to connect to a VPN network, you will need a VPN client. This is generally provided by the company providing the VPN access (employer or commercial provider).
Many commercial VPN providers allow the use of OpenVPN. This is a good thing, as the software is open-source, which means anyone can examine the code to look for possible security holes. There is much incentive for a student or security researcher to “make a name for themselves” by discovering and reporting any security problems that exist in a widely-used product. Open-source software also makes it very difficult to hide any “back doors”, since a lot of people look at the code. The OpenVPN client is fairly easy to install and get running on a PC or laptop.
Some employers use proprietary VPN software. Proprietary VPN clients can be more difficult to install and get working. I remember once spending almost an entire day with the support desk of one company I worked for trying to get connected to the company’s network using the proprietary VPN product that they used. Security holes are also more likely in to surface eventually in proprietary products. However, even the worst commercial VPN products usually can prevent eavesdropping by “casual” hackers.
Running your own VPN
What if you could set up your own VPN server, and connect to it when on the road? Why would you want to? And how would you do it? In the next blog article, I will discuss why I set up my own VPN server on my home network, and how I did it.