Encrypt Everything – Internet Access

As part of an ongoing series, we’re helping to explain the various steps to encrypt and protect your most valuable data. Follow along each week for practical privacy how-tos.
Over the past few weeks, we’ve covered instructions for encrypting your computer’s hard drive, protecting your mobile phone’s data, and sending secure, encrypted email. The first two methods help protect your data at rest while the third is a solid step forward in protecting your data in transit. This week, we focus on another method of protecting your data in transit – a virtual private network (VPN).

Why It Matters

When you connect to the Internet, any device on the same network as you can potentially intercept and inspect your traffic. If you’re browsing over HTTPS, only the name of the server you visit will be visible, but this alone could compromise personally-identifying information. If you’re not using HTTPS – or if the apps running in the background on your device aren’t using encryption – then a potential attacker can see everything you do. A VPN establishes a secure, private, encrypted connection over which all of your traffic can flow. It’s a solid privacy protection method for your internet transmissions.

Getting Started

There are several ways to set up a VPN – different approaches will be a better fit for particular use cases.

In many situations, the following vendors can provide sufficient protection for your communication.

Cloak is a Mac-only app that provides a completely private Internet connection for either your laptop or your iOS-powered mobile device (or both). It comes with a 14-day free trial and supports plans for both individual and team use.

HideMyAss is a cross-platform app (meaning it supports Mac, Windows, iOS, and Android) that also provides secure Internet access. While they don’t offer a trial, they do allow early cancellation and even accept payment by way of store gift cards (in the event you’re wary of purchasing with your own bank account).

VPN Unlimited is yet another service that provides a cross-platform app and allows for secure Internet access through multiple servers across various countries. If you’re traveling abroad, connecting to a VPN in the same country (or at least one nearby) will vastly improve the speed of your connection.

PrivateInternetAccess is a fully-fledged VPN solution that allows connections either through their easy-to-install app or through the default VPN interface built into your operating system. (Some apps might bypass the proxy presented by a peer application, but routing traffic through a VPN at the OS level ensures everything is protected.) Like most of the other solutions, you have the option of connecting to international VPN servers where required. Like HideMyAss, you can also pay through a store gift card instead of your named account.

In some situations, you might prefer to host your own server, or a hosted VPN just isn’t secure enough. With your own server, you completely control the relationship between your devices and the exit point through which they communicate.

Pritunl is an easy-to-install, easy-to-use, open source solution built on top of OpenVPN that you can host yourself. Your devices can then connect either with the Pritunl client app or with any OpenVPN app of your choice.

Whether you use an app-only solution, manually configure a VPN connection, or host your own server entirely, you have multiple options to keep your Internet secure.

Under the Hood

A VPN is, effectively, an end-to-end encrypted connection from your machine to a server at another location. When you’re connected, all of your local traffic (emails, website requests, Dropbox synchronizations, etc.) is routed through the encrypted VPN connection to the server hosting you, then on to its final destination.

To the outside world (e.g., someone inspecting traffic while you’re connected from Starbucks) the only connection you’ve made is to the VPN itself. No one can see that you’re sending email, syncing files, or watching YouTube videos. No attackers can list the pages you’re viewing, over HTTPS or otherwise.

As for your VPN host, they see your traffic as if you’re working from the same physical network. If you’re browsing an HTTPS website, they can only see the server name, not the pages that you’re viewing.

What’s Next

While a VPN allows you to securely communicate with the outside world, it doesn’t completely protect your privacy. Your identity can still be exposed through cookies in your browser, remote tracking scripts like Google Analytics, or tracing the connection between you and the sites you’ve requested.

If it’s privacy and tracking that you’re concerned with, take a look at browser plugins like Ghostery and Privacy Badger. They both help protect you from hostile scripts that can be used to track you and violate your privacy.

If it’s instead anonymity that worries you, take a look at Tor Browser. The Tor Browser uses the Tor protocol for communication, meaning your messages make several (encrypted) hops as they reach their destination, hampering anyone’s ability to identify you based on your Internet habits.

Now that you are set up for secure Internet, take some time to help your friends and family protect their data as well. Using encryption for sensitive information is a good first step, but if only sensitive information is protected, a potential attacker knows just which data to attack. If everything is encrypted, then attackers have no foundation from which to mount an attack.