The biggest question I got after my A Few Simple Steps post last week was about how Virtual Private Networks, or VPNs, can help online privacy.
The short answer is that a VPN is a great way to increase your privacy. The only problem is that you are still ultimately putting your trust in the VPN provider that they are not logging your browsing, that they won’t sell your data, and that they won’t respond to unwarranted requests by law enforcement.
If you're completely new to the idea, this is a good explainer:
A Short Guide to Virtual Private Networks
Many VPN providers tout their location in data privacy friendly countries as an added feature, and that they don't log your visits longer than they have to to operate efficiently. The fact is that in most cases you just don't know who they are or what they're going to do with your data.
But when your starting point is your ISP actively selling your browsing habits and doing all sorts of other stuff you probably don't want, it’s better to take that data away from them. At least a VPN's business actually relies on the trust of its customers. One could imagine that if anyone caught a VPN provider doing something shady, they would cease to be able to keep customers.
For this reason I can't recommend any of the free VPNs. There may be some trustworthy ones out there, but I don't know how I would audit them to any level of satisfaction. When the best choice you have is to just trust a company, I'd rather go with a company whose business model I understand and whose incentives are most aligned with mine. Paying a company for their services makes sense to me. Running your own VPN is the only 'free' option I would recommend.
This nuance is a bit of a digression from the steps outlined in the previous post, and it's what kept me from recommending it to everyone. However, I myself use a VPN service and once you understand the trade offs, getting setup with a VPN is pretty straightforward.
The Easy Way
The easiest way to get setup is to find a VPN provider that's trustworthy and has the features you want. Then you just signup and follow their particular setup processes. They'll probably have native apps to download on all the devices you plan to use on the VPN.
Personally, I use ExpressVPN*, but there are many to choose from here:
The DIY Way
This usually involves running a public web server in your house that becomes your gateway to the rest of the internet. This finally gets you around the trust issue, but has some steep downsides:
- Equipment costs. There are cheap ways to do it, and your router may even have a simple option, but you may find it doesn't fit your needs and want to upgrade. Depending on your internet plan, you may want to level up on that too.
- Speed. Since all your requests need to first go to your house and then out to the rest of the internet, it adds latency to your browsing. Your home bandwidth may cause slow down in addition to the inherent lag. All VPN services suffer from this additional lag, but chances are the service can optimize theirs better than you can optimize your own.
- Technical ability. While the instructions may be straightforward for anyone who is not intimidated by cryptic details, if you hit a wall it's difficult to even understand what the problem might be.
- Maintenance. By going this route you are pledging to yourself that you will always patch any hardware or software that's involved in your setup. If you don't, you could be creating attack vectors for your home network that didn't exist before. You are now the IT admin of your house.
- Location. Whereas a VPN service will make your internet traffic look like it's coming from the VPN server, your traffic will always look like it's coming from your house. Even when you're traveling. Depending on your desires, this could make you feel less secure. And while you'll be able to watch content as if you are in your home country even when you're not, some VPN services give you the option to choose which country you appear to be in.
I enjoy running my own web services from a Raspberry Pi in my house, but I ultimately decided to go with ExpressVPN for the reasons above. If you're braver than I, you may be interested in the following links.
If you currently run your own VPN server, I'd love to hear how you deal with the issues mentioned above and whether the upside is worth the trade offs.
Ultimately I recommend that most people use a VPN if they can afford to pay for it and understand the issues surrounding trust and privacy. There's no one-size fits all recommendation, but you're likely way more secure from many attack vectors and data leaking that I strongly advise using a VPN service that you feel good about.
* I'm an ExpressVPN affiliate, so I get a small kickback if you signup after following my link.