While a VPN can be a useful tool, it doesn’t magically make you untraceable online.
What is a VPN?
A VPN, also known as a Virtual Private Network, is a way to securely connect you to a remote network. Personally, I use it as a way to connect all my devices together, despite being on separate networks and external IP addresses. A VPN allows me to access my Raspberry Pi powered cloud from anywhere, as long as I’m connected to the same VPN. However, their use case has changed in recent years, and have gone from something only businesses and/or nerds used to something everyone can use with the click of a button.
Protecting your internet connection
VPN’s are now used as a way to hide your internet traffic from ISP’s and potential packet sniffers on the network. Since a VPN creates an encrypted tunnel between you and an external server, any attempt to tamper or monitor anything in between you and the VPN server will be pointless. This allows for you to unblock websites on a school or work network, while making sure the network administrator cannot see the websites you visit. It is important to note that VPN’s can be blocked, and it is possible to detect VPN traffic, but not where the traffic is going beyond the VPN server(from the local network, anyways).
Changing your external IP address
Another common use for VPN’s is changing your IP address, often to make it appear as if you are from a different location. Many music and TV streaming services have different content available depending on your location(due to licensing). Since a VPN has all your internet traffic go through a server, websites can usually only see the IP address of that server, and not your original IP. That being said, there are leaks in certain extensions that can reveal your IP. Also, many streaming services block all access from the majority of VPN servers available.
The problems with using a VPN
There is a misconception that VPN’s protect your privacy and make it harder for websites to track you. Well, that isn’t really true because there are a lot of tracking methods that don’t require an IP.
Cookies are basically pieces of text a website tells your browser to store. Upon subsequent visits, your browser sends those cookies back to the website. While cookies do have many legitimate uses, such as keeping track of what account you’re logged into, they can also be used to track you. Because your browser doesn’t care about how many times your IP changes, the same cookies are sent to the website, regardless of if you’re on a VPN or not. If you ever visited a website before activating a VPN, that website can still know your IP, despite being on a VPN.
The problem with cookies is that you can’t really use the internet without them. You can disable and delete cookies, but then you won’t be able to log into websites, pop-ups and banners(thank you for that, GDPR and EU cookie law 🙂 ) you dismissed will keep coming back, and form inputs won’t save(such as auto-filling your name and email on comments forms).
The vast majority of websites you visit, you probably have an account for. No matter how often your IP changes, or how often you wipe cookies, logging in gives website a really easy identifier to track you with. Many websites require an account, while it’s just more convenient on others. The point is that you’re the biggest privacy concern to yourself, not your IP, or cookies. If you never log into a website, and clear your cookies every day, there’s little a website can do to track you, even if your IP remains static(which many home ISP’s don’t even offer).
A DNS, or Domain Name System, is how your browser converts a domain name(i.e. google.com) into an IP address. Without this, you’d need to manually enter the IP address of every single website you want to visit. And even then, many websites are often hosted on a single IP, and rely on the hostname header to differentiate between them. A good and often used analogy is to a phone book. You can look up a name, and get the number you need.
The problem with this is that, chances are, your DNS queries are being sent in plain text, and to your ISP. If you don’t change your router settings, all website lookups are being done through your ISP’s DNS servers. So, even with a VPN, your ISP can know what websites your visiting(or just looking up, but chances are you’re actually visiting the site). DNS over HTTPS solves this, but the easiest solution is for your VPN client to change your DNS settings, or you can manually use a privacy-conscious DNS, such as 184.108.40.206(Cloudflare’s).
The VPN service itself
There is also the problem of the VPN provider you’re using. While there are many reputable VPN services that have a strict no-log policy, many “free” VPN services track and sell your internet browsing history to third parties. The reason “free” is in quotation marks is because while those providers don’t cost you money, they still cost you, just in another way.
A VPN only encrypts your traffic up to the VPN server. Beyond that, your internet is just as easily tracked as before. All you’re doing is essentially pushing the risk up a few steps instead of completely removing it.
How to protect your privacy
The only way to not be tracked online is to NOT be online. But since that’s not going to happen any time soon, here are some tips to help:
- Do NOT use a free VPN service
- Use a good DNS(i.e. 220.127.116.11)
- Clear your cookies
- Don’t log in to websites unless absolutely necessary
Originally published at www.nerdoflinux.com on October 22, 2018.