Intelligence

Bite-Sized Cyber Essentials: Network VPNs

This article is part of our Bite-Sized Cyber Essentials Guide, which is designed to help anyone understand the essential information they need to incrementally level up privacy and security - at work and at home.

VPNS

Virtual Private Networks (VPNs) are often presented as the ultimate tool for privacy and anonymity. However, this is, among other advertising points, a strong misconception. Using a VPN does not guarantee protection from location tracking, social and web profiling, and most importantly, using a VPN does not guarantee anonymity.

Even though VPNs are very useful, they should not be considered your primary tool to invest in for security and privacy. A VPN will generally only serve as an encrypted ‘tunnel’ for user data to travel through from their device to the VPN server.

ISP Logging

ISP logging

IP Tracking

IP Tracking

Public WIFI Logging

Public WIFI Protection

GEO-based Sites & Apps

Internet Service Providers (ISPs), log a lot of information about their users. By using a VPN, among other security-oriented practices, ISPs will no longer be able to easily identify internet traffic and monitor IP-address related traffic

Internet Protocol addresses, or IP addresses, are the postal addresses of the internet landscape. Given the nature of VPNs, any direct IP tracking and monitoring will be extremely difficult due to the VPN encrypting traffic going out from a device

Connecting to public WIFI without any additional cybersecurity measures leaves users extremely vulnerable. Because a VPN can help mask users’ IP and encrypts internet traffic, users are much safer from having their traffic tracked

Websites and services have gotten smarter, and stricter, about blocking users for using a VPN. Therefore users must be careful about how - and which - VPNs are being used to bypass geo-restricted content

What to Look For in a VPN Provider

After understanding the benefits of a VPN, it is important to know what to look for in a VPN provider. Regarding security and privacy, it is crucial to understand if there is a reliable security protocol, strong log policy, and where the provider is based.

Where They Are Based

Log Policy

Log Policy

Security Protocol

5 Eyes, 9 Eyes and 14 Eyes are an agreement/alliance between countries that compels governments to share information and data about their citizens with each other.


It's important to understand what this means for your data. If a VPN provider is outside of the 14 eyes, they will be less compelled, or obligated, to share any data regarding their customers.

VPN providers will often state that they have a “strict no log policy,” but it is important to see how they back up this statement.

Positive signs to trust log policies:

  • Explicit on what is logged and not logged (e.g., timestamps, traffic, identifying information)
  • Providing 3rd Part Attestations and/or Audit Reports openly

AES 256-bit encryption is commonly known as the standard when it comes to encryption. As such, it is important to take note what kind of encryption the VPN provides.


Additionally, if users participate in peer-to-peer connections, certain VPNs will offer P2P support as a feature, which is excellent for reducing IP tracking in this domain as well.

To summarize, consider the following when looking for a VPN:

Ensure strong encryption of VPN tunnel

Providers with peer-to-peer (P2P) encryption, in addition to IP masking, is also a plus!

Check that they have a “Strict no log policy” and that they back it up

No timestamps, traffic, identifying information, etc.

3rd Party Attestation or Audit Report are a plus!

Outside of the 5/9/14 Eyes

This means they are less likely to share any information they have on you to other countries

The following is a representative list of VPN providers and is not meant as a recommendation or a comprehensive list. We’ve included it here to help our readers understand what types of features we recommend that you look for when evaluating the best password manager for you. Pricing is current as of research date on 12 Oct 2022 - users should check for updated pricing.

VPN Provider
Rate
Encryption
Transparency
Supporting Documentation
MullvadVPN

flat rate €5 /mo

no account needed

AES 256 encryption

No logs

Based Inside 14 Eyes

Open source

Audit report available

Infrastructure & Client Audits Available

IVPN

1 month $6

1 year $5/mo

2 year $4.16/mo

**higher tiers

no account needed

AES 256 encryption

No logs

Based Outside 14 Eyes

Open source

Audit report available

Transparency Report

Infrastructure & Client Audits Available

ProtonVPN Logo
ProtonVPN

limited free option

1 month €10

1 year €5.99/mo

2 year €4.99/mo

AES 256 encryption

No logs

Based Outside 14 Eyes

Open source

Audit report available

Transparency Report

Infrastructure & Client Audits Available

NordVPN

1 month $11.99

1 year $4.99/mo

2 year $3.69/mo

**higher tiers

AES 256 encryption

No logs

Based Outside 14 Eyes

Could not easily find publicly available documentation


Sign up to get Cyber Intelligence Weekly in your inbox.
Latest Intelligence