What is a VPN?
You’ve probably seen the letters “VPN” in the news lately.
Could stand for a lot of things—“Vodka Party Night” is one of them, according to Urban Dictionary.
But the VPN that’s getting national attention right now is the “virtual private network.”
Some say you should be using one from time to time for security.
And some crooks are trying to trick into using bad ones, to trip you up and take your money and data.
In this special “What is?” series on Archer News, Archer Security Group’s experts explain crucial terms and answer your questions about cyber crime and cybersecurity.
Urban Dictionary entry for VPN. Image: Urban Dictionary
When you settle in at Starbucks or do your online banking at the mall, you may be using free or public Wi-Fi.
But “free” and “public” can also mean “insecure” and “open to any old crook who comes along and puts up a fake-o Wi-Fi network that looks just like Starbucks.”
That bank account password you just sent to Bank of America actually went to Bandit of America.
A VPN can help. Some security experts recommend using one instead of free and public Wi-Fi to make sure you’re not giving all your passwords and data to thieves.
It’s sort of like setting up a tunnel for you to work through so the bad guys can’t see what you’re doing.
A VPN is like a tunnel for your computer traffic. Photo credit: Foter.com
Another big VPN issue is privacy.
After the new government changes that allow Internet Service Providers to get up close and personal with your information—and sell it off for money—some people are turning to VPNs to try to protect themselves.
“You leave little digital artifacts everywhere you go and with everything you do,” explained Patrick C. Miller with Archer Security Group (the parent company of Archer News). “These little digital artifacts can be used to reconstruct your life, in many ways.”
Do other people care about your digital bits? Yes, Miller said.
“Companies make billions on data about you and your habits. Governments may or may not spy on you and your habits. Criminals and hackers are constantly trying to get access to data about you,” he said. “A personal VPN can make it much more difficult to get that data.”
For example, a VPN can make it look like you’re in a different place than you actually are.
“Think of it like camouflage,” Miller said. “They aren’t a perfect solution, but at least you’re not totally visible—or even naked.”
Getting a VPN
So now you might be thinking, “How can I get myself a VPN?”
You can probably do the vodka party night on your own. But getting a virtual private network may need a little extra explanation.
For one thing, crooks are trying to make it ultra-easy for you by sending you offers for their shady VPN deals.
Security researcher Troy Hunt got a spam message from a company called MySafeVPN, supposedly a new VPN service to protect your privacy for just $9.99.
The Twitter account for MySafeVPNcom appears to be out of commission at the time of the publication of this story.
He checked into the company and wrote, “The website itself is full of misleading at best or even outright false statements.”
Hunt and others looking at the company reported that MySafeVPN employees used abusive, taunting language and provided “nonsensical” answers to questions about security.
“…[N]obody in their right mind should pay them anything,” Hunt said in his post.
The website for MySafeVPNcom appears to be out of commission at the time of the publication of this story.
Don’t just grab the first VPN you see.
“Be diligent in your research and look for a provider that is well established, isn’t offering it for free—they often get paid by breaking your encrypted session to serve ads!—and has been vetted by a reputable organization like Tom’s Hardware,” advised Archer Security Group’s Stacy Bresler.
Tom’s Hardware is a site that tests computer technology products and provides information about the results.
A chart of some of the criteria PCMag uses to evaluate VPN services. Image via PCMag
PCMag recommends subscribing to a VPN for a short time to see if it works for you, as well as checking out the company’s privacy and use policies for how they deal with your information.
If you’re interested in privacy, you can check what the VPN service says about keeping logs.
Archer’s Steve Reed looked at the privacy claims of Private Internet Access, a VPN service that gets accolades from Tom’s Hardware.
“PIA absolutely does not keep any logs, of any kind, period,” the company says on its site. “…[T]his provides a high level of security and privacy to all of our users.”
“Due to this, we’re unable to provide information on our customers’ usage of our service under any circumstance, including subpoenas and court orders, which are extremely closely reviewed before we make any response by our experienced legal team,” the company said.
A logo for Private Internet Access. The company says it does not save logs of customer usage.
Reed said he uses two kinds of VPN services, one for privacy, and one for security that allows him to use his home Internet when he is on the road.
“Online banking and shopping is sometimes more convenient if you use your home IP address rather than a random IP from a personal VPN service, because it eliminates the need to re-validate your identity,” Reed said.
Very Poor Network?
You may want to be careful about going to the app stores and picking a VPN based only on positive user reviews.
Researchers analyzed almost 300 Android VPN apps and found that many had security issues.
Almost 40% had some sort of malware connection, the research paper said.
Almost 20% were using tunneling protocols without encryption—”despite promising online anonymity and security to their users,” the researchers said.
Still, many apps received good reviews from users who may not have been aware of what was really going on with their VPN apps, according to the researchers.
Testbed for researchers analysis of Android VPN apps. Image via “An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps“
By now, a vodka party night could sound a lot easier.
But a virtual private network can help you stay more secure in a hotel, at a restaurant, anywhere you connect with Wi-Fi that may not be what it seems.
Just make sure you don’t fall for easy offers that will take you in the opposite direction.
“Signing up for a shady VPN service does the exact opposite of the intended purpose,” Miller said. “You essentially hand over all your data to one company. They can do whatever they want with it—which is usually sell it to the highest bidder.”
“Companies, governments or criminals are usually highest bidders,” he added.