Personal VPN

There’s been a lot of privacy talk in the news recently, triggered by the U.S. House and Senate voting to stop new ISP privacy rules from taking effect. This won’t be a discussion on the politics, but since the President is expected to approve the measure it’s worth considering options if you’re concerned. Plus, it’s never a bad time to review security. One thing worth mentioning is that the affected rules were slated to take effect at the end of this year, so the change simply maintains the status quo. On the other hand, I don’t know of anyone outside of the big telecom companies that considered the new rules to be a bad thing for consumers.

Generally, VPNs (Virtual Private Networks) have been used to provide security when you’re on the road, using unknown networks. They provide an encrypted tunnel between you and where ever your VPN provider enters the internet. A VPN can also be used to keep your ISP from seeing what sites you visit although they are rarely used for this today.

Most ISPs provide an option to opt-out of tracking, although it may be hard to find out how to do this. If you want to limit ISP tracking then your first step would be to hunt down this option and opt-out.

Some things to keep in mind when using a VPN from your home:

  • VPNs will negatively affect your performance. This may not be noticeable and the impact will vary over time, but all VPN services will impact performance at least some of the time.
  • While data is hidden from your ISP (although they will know you are using a VPN), your VPN provider will be able to see all your traffic. Like your ISP, they could track you.
  • A VPN service isn’t a ironclad security or privacy guarantee. Websites can still track you through your browser usage. Plus, you need to trust the provider to properly implement the service.

There are hundreds of VPN services out there and choosing one can be daunting. There are a few that I have extensive experience with and can recommend.

TunnelBear is a Canadian company that offers VPN service on Mac OS, Windows, Android and iOS. They also offer a Chrome plugin to encrypt browser traffic. They don’t keep any logs but they also don’t allow torrenting. Pricing is $50 for a year of unlimited use, paid in advance. If you want to subscribe on a monthly basis it’s $10/mth. They offer a free plan that provides 500MB of data per month. The free plan can also serve as a trial.

The iOS client uses IPSec/IKEv2 which requires UDP ports 500 and 4500 which may be blocked on some networks. I didn’t have any issues when using TunnelBear around town. I did have to enable IPSec Pass-through (which opens those two ports) on my home router in order to use TunnelBear when at home.

Cloak VPN is based in the United States. Their VPN clients are limited to Mac OS and iOS. Cloak is pricey for a yearly subscription at $100, which provides unlimited data. But they offer smaller plans which can economical if you only need sporadic use of a VPN. A 5GB/mth plan costs $3 while an unlimited weekly pass runs $4.

Cloak is one of the easiest VPN clients to use. It can automatically connect to networks and enable the VPN, blocking traffic until the VPN connection is active. You can also identify trusted networks so that the VPN is not enabled on these networks.

Synology VPN (or VPN+): If your goal is to prevent your ISP from tracking your internet travels then Synology VPN is a non-starter. The VPN server is on your Synology NAS (or router) and all traffic will leave the VPN tunnel before it heads off on the internet via your ISP. While it provides security when your out on untrusted networks it will route all your mobile traffic through your ISP, giving it even more information.

Another option is a whole house router, where your router connects to a VPN service as a client. You’ll need a router that supports this setup and a reliable VPN service. These days many routers do list a VPN feature, but this usually means the router runs a VPN server that you can connect to when you’re out and about. This has the same drawback as the Synology VPN in that it doesn’t hide anything from your ISP. I’ve never been able to justify the cost and complication of a router based whole-house VPN client so I don’t have any actual experience with this type of setup.

If you want more information here are some places to start:

VPNs Are for Most People—Including You | The Wirecutter – This was updated March 24, 2017 and provides a VPN overview along with more details about what to look for in a VPN provider.

Best VPN Reviews | Best10VPN – Mega-list of VPN providers. As usual, never make a decision based on one internet site, but this can provide a good starting point.

How ISPs can sell your Web history—and how to stop them | Ars Technica – An overview of the recent legislative changes (or non-changes) and options for dealing with them.