A brown hat with the text "LDH consulting services" next to it.

Tip of the Hat

22 November 2019

Privacy Tech Toolkit: VPNs


Welcome to this week’s Tip of the Hat!

Data breach and website hacking stories are (sadly) commonplace in the news. But what happens when the hack in question did not involve a single site, but your entire browsing history, complete with sensitive data, while you were logged into what was supposed to be a secure and private connection? With the recent breach with three VPN services – NordVPN, TorGuard, and Viking VPN – customers might be looking at that reality.

Some of you might be scratching your heads while reading the reports, though. Not everyone is familiar with VPNs, how they work, why they matter, and when you should use one. In this newsletter, we’ll cover the basics of VPNs, including how you can use them to protect your online privacy.

VPN Basics

A virtual private network (VPN) is a network of computers that provide access to the internet from a private network. Let’s use your work’s VPN service as an example. You are traveling with your work computer and you need to log into a work application. The problem is that the application can’t be accessed by computers outside the office. That’s where the work VPN comes in. You open your VPN client and log into the VPN service, creating a connection between your computer and the office server running the VPN service. This connection allows you to use the internet from that office server, making it appear that you are back in the office. Your computer can then access the work application now that the application thinks that your computer’s location is at the office and not in a hotel room.

Typically, the VPN connection is secure and encrypted, which makes VPN use essential for when you are connecting to public WIFI connections. Being able to change your location by using a server in another part of the world can also help protect privacy by placing you in a location other than the one you're currently at. This comes in handy when trying to access sites that are geo-locked (sites that you cannot access outside of a certain geographical area, such as a country). Then there is the privacy component. A VPN can provide privacy protection for browsing history, current location, and web activity. Overall, VPNs can provide a secure and private space for you to browse the web away from those who want to track your every online move, be it some random person running Wireshark on a public network, your internet service provider looking for data for targeted advertising purposes, or possibly even the government (depending on your location).

VPN Considerations

A private and secure connection to the internet can protect online privacy, but as we found out last week, VPNs themselves are susceptible to breaches. This might cause some to wonder if VPNs are still a good choice in protecting online privacy. While VPNs are still an essential tool in the privacy toolkit, you still have to evaluate them like any other tool. There are some things to look for when choosing a VPN for work or personal use:
  • Encryption, protocols, and overall security – is the connection between your computer and the VPN server encrypted? You also have to consider the processes used in the actual creation of the tunnel between you and the VPN server. You might run across a lot of protocol terminology that is unfamiliar. NordVPN has a good post explaining various security protocols to help you wrap your head around VPN protocols.
  • Activity logs – is the VPN service keeping a log of activity on its servers? You might not know if your work VPN keeps a log of user activity, so it’s safer to use a separate VPN service than your work VPN for any personal use. No logs mean no record of your activity and your privacy remains intact.
  • Location – What server locations are available so you can access geo-blocked sites? Do you need your computer’s location to be at a specific IP address or location for work?
  • Price (for personal VPN use) – Never use a free VPN service. They are the most likely to log your activity as well as sell your data to third parties.

VPNs @ Your Library

Most likely you have access to a VPN service at work. While the technical aspects of work VPN are relegated to the IT and Systems departments, there is the question of who can use a VPN. Some libraries do not restrict VPN use to certain types of staff while other libraries only allow those who travel for work or do remote work to use VPN. A potential risk with work VPNs is when staff change roles or leave the organization. Auditing the list of users who have VPN access to the system will help mitigate the risk of unauthorized access to work systems by those who no longer should have access.

Your library provides internet access to patrons, so how do VPNs fit into all of this? First, we have WIFI access. Your library's WIFI is a public network and patrons who want to protect their privacy might use a VPN to protect their privacy. Can your patrons use their VPN service while connected to the WIFI? Your desktop computers are another place where patrons are using a public network, but many public computers don't allow patrons to install software, including VPN clients. There are ways to configure the public network to break the ties between one IP address and one computer, so web activity cannot be traced back to a single computer user based on IP alone.

VPNs And Other Tools In The Privacy Tech Toolkit

VPNs are just one way to protect your privacy online. There are many other ways you can protect privacy, including Tor and other types of proxy servers. Sometimes folks use multiple tools to protect their privacy; for example, some folks use both a VPN service and the Tor browser. Each tool has its strengths and weaknesses in protecting your privacy, and choosing which one to use depends on your situation. We’ll be covering other tools in the Privacy Tech Toolkit soon, so stay tuned!

Have a question or topic that you want us to write about? Email us at newsletter@ldhconsultingservices.com!