5 things you should know before buying a VPN
Are you uncertain what a VPN should do – apart from help your privacy? – Well, join the club. There isn’t a unitary recipe or single protocol for creating a VPN – or even an industry standard for what the minimum security level should be. Even worse, app stores are riddled with apps calling themselves VPNs which do some rather suspicious activities.
From the Avira perspective, there are two core VPN technical features and two operational ones. These technical features are complete content encryption and encryption of DNS addresses. Operationally, VPN user logs should be restricted to performance issues and there should be no reselling of user data.
Five semi-technical questions and answers about VPN use
That sounds all good and well but in the end it does not help you if you do not know exactly why you’d ever use a VPN and what some of its features are. To help you out please find below 5 things you should know before buying a VPN.
1. When should I use a VPN?
A VPN should be used whenever you are on an insecure network such as a public or hotel WiFi, when you need to have a certain geo-IP address to unlock certain content or web features, or when you want to prevent your ISP and other online trackers from recording your online activities. These three points probably cover the vast majority of your online time and also cover your mobile devices and your stay-at-home computer.
2. Why are exit nodes so important?
An exit node is the technical term to describe a VPN server. When connected to a VPN, your data packets go out from the server through this exit node. This provides two important benefits. First, it encrypts the visited site addresses and the contents exchanged. Second, it gives these packets the IP address of this location, creating a new virtual location for you. When selecting a VPN, you not only want one with exit nodes near you for more easy connections, you also want one with exit nodes in the specific geographies where you want a virtual location. Generally speaking, the more exit nodes a VPN has, the more difficult it is for content providers and nation-states to block it.
3. What VPN protocol is best?
There are a number of acceptable VPN protocols in use. Creating a VPN is like a cooking recipe which can vary according to the device operating system, infrastructure, and type of use – and all put together with the goal of easier connections, faster speeds, and more secure encryption.
OpenVPN is one of the most popular. In addition to using AES-256 bit key encryption, it is open source. This means that users anywhere can and do look closely at the code to uncover any vulnerabilities. L2TP/IPSec L2TP is a combination of L2TP and the IPsec security protocol. It uses the secure AES-256 bit encryption but relies on a single port which makes it easier to block. Two additional acceptable protocols include SSTP and IKEv2. Protocols and encryption techniques evolve over time so this list will change. WireGuard, a new and fast-developing VPN protocol, is the most notable newcomer to this list. It is being expanded to work with more operating systems and has gotten rave reviews for its code simplicity and speed.
4. What is a VPN proxy?
A VPN proxy is essentially a forwarding note pasted on your data packets that gives them different IP address but does nothing to encrypt the contents or the DNS addresses. Because of the lack of encryption, they are simpler, faster, and cheaper to operate than most full-flavored VPNs. They can enable you to circumvent some geo-IP restrictions but do not protect privacy. They are especially common among free “VPNs” for android devices.
5. What are some really useful VPN features?
The most useful VPN functions reinforce the weakest part of the VPN security chain – you the user. If a VPN is working correctly, with full packet encryption and no DNS leakage, the biggest privacy risk for the user is that they will simply not turn it on to use it or not realize when the connection has been broken.
Auto connect will start up the VPN when you connect to an insecure network. This can help prevent you from sending private information over, for example, a public WiFi network. It’s like a seatbelt notification in your car.
The Kill switch drops the network connection when the VPN connection is disrupted. This is especially useful when the network connection is spotty or when the device is connected to the VPN for a long time and you as the user might not be sitting in front of the device at all times. In both scenarios, the kill switch can keep you from unknowingly using the insecure network after the VPN connection has been broken.