One day, a long, long time ago, I was trying to play an old game (that some of you may remember if you’re equally crusty) called Rise of the Triad with a friend of mine 11 miles away. Running under the then-advanced Windows 98, we were trying to dial each other directly via modem within the game to allow us to compete head-to-head. Put simply, it wasn’t even slightly working.
We looked into our options, and I discovered that a newly-added feature called VPN – Virtual Private Networking – might be helpful. We both had Internet access, and while the game didn’t support Internet-based gameplay, the VPN feature would allow us to create a virtual link between our computers over the public Internet. As far as applications were concerned, our computers would be connected directly together, with Windows taking care of all the behind-the-scenes magic to keep this link going.
Time passed, and businesses jumped on the idea. Security was ladled upon it and various vendors came out with their VPN implementations. Suddenly, sales staff could access networked company resources, in a secure way, from wherever their travels took them as long as they had an Internet connection. Branch offices could become part of a bigger, global, but private network without spending out for expensive, long-distance dedicated cable runs.
Time passed. As many of these things do, VPN implementations became more ubiquitous and less expensive. It was the dawn of wireless networking that gave them the final kick in the teeth to become a consumer product.
Why?
Starbucks.
Coffee, Cake and Computers
Wireless networking was a huge deal. While speeds left something to be desired, Internet connectivity was usually slower than the speed of the network anyway – so it was a perfect way of sharing out Internet access without having to bother with the expense and hassle of cable runs, switches, hubs and repeaters.
Coffee shops discovered that people quite liked the idea of sitting in their premises and fiddling around on the Internet. The better Internet experience that they could feed their customers, the longer they stayed and the more they spent on caffeinated beverages. Wireless networking was perfect for this – by disabling the security designed to keep usurpers out, anyone in range could connect and browse whilst supping a latte or twelve.
Along came the sniffers.
Kismet, Hardy
Of course, with a network open to all comers, everyone’s data was being thrown around the airwaves in plain sight – all a malicious user had to do was know how to listen. Free tools like Kismet and aircrack-ng were released to let people do just that – a practice known as ‘sniffing’. Your passwords were now in the hands of anyone with a bit of technical knowledge, a laptop and sufficiently few scruples.
It suddenly became important to take responsibility for the security of your data in transit, because the implicit privacy of a physically wired network had just been pulled out from under you. Wouldn’t it be lovely if all your data were armoured against sniffers until it passed out of their reach?
Consumer VPN providers offer just this.

With a VPN enabled, when you make a connection to a server on the Internet, the traffic is first encrypted to make any sniffers’ data useless. They’re still able to capture the traffic, but it’s scrambled beyond readability. In the meantime, the encapsulated data makes its way to your VPN server, where it’s decrypted and relayed to its destination.
Wherefore art thou, Romeo?
An interesting side-effect of the way this works is that the remote server thinks that it’s talking to the VPN server. It has no idea that there’s someone behind that VPN server using it to relay their traffic. This means that the remote server has no idea who you are – and, more importantly, where you are. This location distortion gets very cool for sites that care where you are, like the BBC iPlayer or Hulu. With a VPN server in the right country, you can consume content that can’t be accessed by clients outside of that country. All you need to do is connect your VPN, make sure all traffic is being routed through it and visit the site in question as usual – everything else is transparent.
When it rains, it pours
This lack of information about the puppet master makes VPNs perfect for torrenting and other peer-to-peer activities with legal consequences. If you’re sharing a VPN server with other users, it can be very difficult (or impossible) to prove which user was downloading or sharing content – as opposed to doing so unprotected, in which case it’s all too easy to find out who is providing your Internet access and send you a rather costly court document.
Trust me, I’m a VPN provider
There is a downside to all of this wonder, however. Because your traffic to and from remote sites is going through one server, it’s fairly easy for a malicious VPN operator to do the sniffing at their end and capture your data. Application-level security like https:// URLs still provides protection, but anything sent in the clear is at risk. Unfortunately, there’s no easy way around this; you just have to pick a reputable VPN provider. Also, the more people who use a provider’s service, the harder it is to capture all of the traffic at once, which makes it more likely that your data stays secure. I’m afraid you’ll just have to use good judgment here.
A few VPN providers that don’t suck
VyprVPN
VyprVPN is a service provided by Giganews to its Diamond customers. I am a user of VyprVPN, and it’s excellent. You’re provided with a fully routable IP address, meaning BitTorrent works perfectly, and they provide endpoints in the Netherlands, Hong Kong, the US west coast and the US east coast. The only other geographical region where I’d like to see an endpoint is the UK. Speeds are excellent, and of course you get Giganews’ Usenet access, which is second to none.
Relakks
Relakks only provides one endpoint – Sweden – but focuses on speed and privacy, while being a very cost-effective option. Relakks have been around for quite some time now, and while they’re not particularly useful for getting around geolocation checks, if you just want to secure your traffic when you’re out and about they’re a good choice.
Cryptocloud
Cryptocloud have endpoints in the UK, Netherlands, US east coast and US west coast. Their throughput is excellent, and they are one of the few companies that provide OpenVPN support in addition to PPTP. In my opinion, OpenVPN is a more secure option than PPTP, so if you’re in any way concerned about a targeted attack on your traffic then Cryptocloud would be a good choice.
Homebrew
There’s no reason you have to go with an established provider. Virtual private servers are cheap these days, and if you’ve got the requisite technical knowledge then you can turn any of them into a VPN server. Just bear in mind that the IP address will be trackable back to you, so while they’re less useful for torrenting and other p2p stuff, they are excellent for security at hotspots, as you’re in control of the server that’s relaying your traffic.
Go forth and encrypt!
If you have any questions or want to recommend another provider, I’d be interested to hear about it in the comments. It’s an evolving field, but one that comparatively few people are aware of right now.