Anonymity & Privacy

How do VPNs work (and how they don’t) πŸ‘€

VPNs are an excellent method for those with moderate privacy needs. In this guide, we will explore what they are, how they work, and how you can use them to guard your privacy.

What is a VPN?

A VPN is a tool that allows users to create a secure connection to the internet. It works by routing your internet connection through a server operated by the VPN provider. This connection is encrypted, which means that anyone who intercepts your internet traffic won’t be able to read or understand it.

When you use a VPN, your internet traffic appears to come from the server you’re connected to, rather than your own device. This means that your IP address is hidden, and your online activity can’t be traced back to you. VPNs are often used to access content that is restricted in certain countries, protect your privacy on public Wi-Fi, or to prevent your internet service provider (ISP) from tracking your online activity.

VPNs come in two forms: free and paid. While free VPNs are available, they often have limitations such as data caps, slower speeds, or limited server locations. Paid VPNs offer more features, including faster speeds, more server locations, and better encryption.

If your adversary is a nation state, then a VPN won’t be suitable as a standalone solution. You’ll need something more thorough, such as TOR, or better yet, WHONIX or TAILS, to hide your true IP address

Which VPN protocol works best?

There are several VPN protocols that you could use. PPTP is absolutely not recommended – it’s incredibly easy to decrypt the traffic in motion and in storage. The L2P2 and IPSEC protocols use fixed ports, which can make them inflexible. Furthermore, this can lead to them being blocked by firewalls. And, if you’re adversary is a nation state, it’s best to avoid -the NSA & GCHQ can break the encryption.

Some VPN vendors create their own protocols, such as NordLynx.

SSTP is a protocol built and maintained by Windows, however, as we’ll discuss in operating system security, it’s best to avoid Windows if you’re serious about protecting your privacy. They have a history of being chummy with the American government.Β 

However, as these protocols are often proprietary by nature, and the source code often isn’t audited by third parties, we recommend using OpenVPN.

OpenVPN is an open source project that combines both SSL and TLS encryption. Because the project is open source, it allows for developers across the world to cross reference each other’s code, thereby reducing – in some cases, eliminating – security vulnerabilities.Β 

If it’s configured correctly, OpenVPN can make it difficult for your adversary to know that a VPN is being used, although take this with a grain of salt; most VPN providers will make the configuration for you.Β 

The biggest disadvantage is that OpenVPN is not natively supported by most operating systems – bar Linux, with several distributions shipping with a version of OpenVPN. The major advantage for privacy enthusiasts is that there is no evidence that the NSA or GCHQ have cracked the encryption as of yet. Bearing in mind that ‘no evidence’ doesn’t necessarily mean they haven’t already found a way to crack the code; intelligence agencies, by their nature, are secretive.Β 

Nested VPNs

Nested VPNs, also known as double VPNs or multihop VPNs, involve routing your internet traffic through multiple VPN servers in different locations. This adds an extra layer of security to your internet connection and makes it even more difficult for anyone to intercept your online activity.

In a nested VPN setup, your internet traffic first goes through one VPN server before being encrypted again and sent to a second VPN server. From there, your internet traffic is sent to its final destination. This process creates an extra layer of protection and adds an extra level of anonymity to your online activity.

This can be done by installing a VPN on the router, and then using a VPN client on your PC. Thereby, all traffic will be routed through the first VPN on your PC before being routed through the second VPN on your router. You can also install one VPN on a virtual machine, and one on your host machine.Β 

It’s important that you don’t contaminate aliases when setting up your nested VPN configuration. Never let the second VPN see your real IP address. And never pay for VPNs using anything other than cryptocurrencies.Β 

While nested VPNs provide additional security, they also have some weaknesses. The most significant weakness is that they can slow down your internet speed even more than a single VPN connection. This is because your internet traffic has to travel through multiple VPN servers before reaching its final destination.

In addition, nested VPNs can also be more expensive than a single VPN connection, as you’ll need to pay for multiple VPN subscriptions to set it up. However, if you’re concerned about your online security and privacy, a nested VPN setup may be worth the additional cost and slower internet speeds.

What are the weaknesses of VPNs?

While VPNs are an excellent tool for protecting your privacy and security online, they do have some weaknesses that users should be aware of. Here are the most significant weaknesses of VPNs:

Some countries, such as China and Russia, have strict internet censorship laws that prevent citizens from accessing certain websites and online services. VPNs can be blocked in these countries, which means that users won’t be able to access the internet through a VPN.

VPNs can be blocked

Even in countries where VPNs are legal, some online services, such as streaming services like Netflix and Hulu, have taken steps to block VPNs from accessing their content. This means that even if you’re connected to a VPN, you may not be able to access the content you want.

VPNs can slow down your internet speed

When you use a VPN, your internet traffic is routed through an extra server before it reaches its destination. This extra step can slow down your internet speed, especially if you’re connecting to a server that is located far away from your physical location.Β In addition, VPNs can also have data caps or throttle your internet speed, especially if you’re using a free VPN. This means that even if you’re connected to a VPN, you may not be able to stream high-quality video or download large files at fast speeds.

VPNs can leak your IP address

While VPNs are designed to hide your IP address, they can still leak your IP address under certain circumstances. For example, if your VPN connection drops unexpectedly, your internet traffic may continue to flow through your regular internet connection, exposing your IP address.

In addition, some VPN providers may keep logs of your internet activity, which could potentially be used to identify you. It’s important to choose a VPN provider that has a strict no-logging policy and is located in a privacy-friendly jurisdiction.

VPNs can be vulnerable to hacking

While VPNs are designed to protect your online security and privacy, they can also be vulnerable to hacking. If a hacker gains access to the server that your VPN is connected to, they may be able to intercept your internet traffic and steal your sensitive information.

In addition, some VPN providers may not use strong enough encryption to protect your internet traffic from being intercepted. It’s important to choose a VPN provider that uses strong encryption and has a proven track record of protecting user privacy and security.

What is Deep Packet Inspection (DPI)?

Deep packet inspection (DPI) is a technique used by some ISPs, governments, and other organizations to monitor internet traffic. DPI involves examining the contents of data packets that are being sent and received over the internet. This allows the organization to analyze and filter the data to identify specific types of traffic, such as video streaming or file sharing.

While DPI can be used for legitimate purposes, such as network management and security, it can also be used to invade user privacy and violate net neutrality. DPI can be used to track and monitor user online activity, including the websites they visit, the content they access, and the services they use.

One of the ways to protect against DPI is to use a VPN. When you use a VPN, your internet traffic is encrypted and routed through a VPN server. This makes it difficult for anyone to intercept and analyze your internet traffic, including organizations using DPI.

However, not all VPNs are created equal when it comes to protecting against DPI. Some VPN providers may have their servers blocked by organizations using DPI, while others may not offer strong enough encryption to prevent DPI.

It’s important to choose a VPN provider that offers strong encryption, such as AES-256, and has a strict no-logging policy. Additionally, it may be helpful to choose a VPN provider with obfuscation or stealth technologies, which can help hide the fact that you’re using a VPN and make it more difficult for organizations using DPI to block your connection.

What are end-to-end correlation attacks?

Β 

End-to-end correlation attacks are a type of attack that can be used to de-anonymize VPN users. These attacks involve analyzing the network traffic at both ends of a VPN connection to identify patterns or similarities in the traffic. By identifying these patterns, an attacker can potentially link the encrypted traffic at one end of the VPN connection to the decrypted traffic at the other end, revealing the identity of the VPN user.

One way to protect against end-to-end correlation attacks is to use a VPN provider that offers a no-logging policy. A no-logging policy means that the VPN provider does not keep any records of their users’ internet activity, including traffic logs or connection metadata. Without these logs, it becomes much more difficult for an attacker to correlate traffic on both ends of a VPN connection.

Another way to protect against end-to-end correlation attacks is to use a VPN provider that uses shared IP addresses. Shared IP addresses mean that multiple users are assigned the same IP address, making it more difficult for an attacker to correlate traffic to a specific user.

It’s also important to use a VPN provider that offers strong encryption and does not leak any user data. DNS leaks, for example, can reveal a user’s real IP address even when they are using a VPN.

In addition, it’s important to use good operational security (OPSEC) practices when using a VPN. This includes avoiding using the same VPN server for all of your internet activity, as this can make it easier for an attacker to correlate traffic. It’s also important to use a VPN provider that offers a variety of server locations, so you can switch between servers and avoid using the same one repeatedly.

End-to-end correlation attacks and deep packet inspection are some of the most prominent ways that nation states use to deanonymise VPN users.

VPNs and DNS leaks

Β 

Another potential security vulnerability that can occur when using a VPN called DNS leaks. DNS, short for Domain Name System, is the system that translates human-readable domain names, like google.com, into IP addresses, like 172.217.12.46, which are used by computers to identify specific websites on the internet.

When a user connects to a VPN, all of their internet traffic is encrypted and routed through the VPN server. However, if the VPN connection is not configured properly, the user’s DNS requests may not be encrypted and may be sent outside of the VPN tunnel. This means that a user’s internet service provider (ISP) or any other third party could potentially see their DNS requests and link them to their browsing activity. This is known as a DNS leak.

DNS leaks can occur for several reasons, such as misconfigured VPN software or a VPN provider that does not properly route DNS requests through the VPN tunnel. DNS leaks can reveal a user’s real IP address and allow ISPs, advertisers, or other third parties to monitor their internet activity.

There are several ways to prevent DNS leaks when using a VPN. One way is to use a VPN provider that offers DNS leak protection. This feature ensures that all DNS requests are encrypted and routed through the VPN tunnel, preventing any potential leaks. Another way is to manually configure the VPN connection to use a third-party DNS provider, such as Google DNS or OpenDNS, rather than the default DNS provider provided by the ISP.

It’s also important to regularly test for DNS leaks to ensure that your VPN connection is properly configured. There are several online tools that can be used to test for DNS leaks, such as dnsleaktest.com and ipleak.net.

Useful resources

Here are some of the most popular VPN providers on the market:

Hey! Can we make it official? 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. I promise not to spam you, and you can count on me to keep your data safe πŸ˜‡

Anonymity and Privacy

Living off the grid with TAILS OS πŸ‘»

Your mobile phone is SPYING on you. Here’s how πŸ‘€

Anonymise yourself with TAILS OS… the operating system used by Edward Snowden πŸ‘»

What is really on the ‘Dark Net’, and how does it work? πŸ‘€

How do VPNs work (and how they don’t) πŸ‘€

Stylometry: how intelligence agencies track you by your writing style ✍️

The 2024 Complete Guide To Online Privacy πŸ€“

Fifteen Steps to maximising firefox privacy πŸ”’βœ…

Download the complete FireFox checklist that I give to my counter-surveillance clients – completely free of charge! I will take you step-by-step through advanced Firefox Configurations that will help you maximise your privacy, security and anonymity.Β 

Enter your details below and I will email it to you straight away. And don’t worry, your data is safe with me πŸ˜‡

Access free subscriber only content 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. Your data will be encrypted and I will never sell it to third parties πŸ˜‡

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.