Difference between revisions of "Virtual Private Network"

From SI410
Jump to: navigation, search
(Security of a VPN: added content to this section on the trust of VPNs and the failure of commercial vpns to provide adequate security)
(Added Section "The 5 Eyes, 9 Eyes, and 14 Eyes Agreements" and added sources 5 sources (R15-R20))
Line 38: Line 38:
 
One of the most popular features of a VPN is being able to access streaming services that are not available in a given country. Viewers will use a VPN to access Netflix libraries with larger content than their home country.<ref>[https://www.cnet.com/news/vpn-use-surges-during-the-coronavirus-lockdown-but-so-do-security-risks/ Hodge, Rae. “VPN use surges during the coronavirus lockdown, but so do security risks.” CNET, 23 April 2020, Accessed 12 Mar 2021. ]</ref>
 
One of the most popular features of a VPN is being able to access streaming services that are not available in a given country. Viewers will use a VPN to access Netflix libraries with larger content than their home country.<ref>[https://www.cnet.com/news/vpn-use-surges-during-the-coronavirus-lockdown-but-so-do-security-risks/ Hodge, Rae. “VPN use surges during the coronavirus lockdown, but so do security risks.” CNET, 23 April 2020, Accessed 12 Mar 2021. ]</ref>
  
 +
==The 5 Eyes, 9 Eyes, and 14 Eyes Agreements==
 +
 +
After World War II on March 5, 1946, the United States and the United Kingdom signed the BRUSA (now known as UKUSA) Agreement to share intelligence between the two countries.<ref>Home. (n.d.). Retrieved April 01, 2021, from https://www.nsa.gov/news-features/declassified-documents/ukusa/</ref> Over time, this agreement began to grow and include more and more countries which have lead to the 5 eyes, 9 eyes, and 14 eyes agreements.<ref>The 14 Eyes, 9 EYES, 5 Eyes agreements (Explained). (2020, June 09). Retrieved April 01, 2021, from https://protonvpn.com/blog/5-eyes-global-surveillance/</ref> As a part of this agreement, any intelligence gained by one country is automatically shared with all other countries in the agreement.<ref name="agreement">5 eyes, 9 Eyes, &amp; 14 Eyes countries – what you need to know. (n.d.). Retrieved April 01, 2021, from https://www.vpnmentor.com/blog/understanding-five-eyes-concept/</ref> This means that if a country forcefully obtains data from a VPN company that you’re using, then every other country in the agreement has access to that data as well.<ref name="agreement" />
 +
 +
The 5 eyes agreement (FVEY) shares intelligence between Australia, Canada, New Zealand, United Kingdom, and the United States. Each of these countries has its own protocol regarding how much data is collected from those who use the web.<ref>Lawton, S. (n.d.). ODNI home. Retrieved April 01, 2021, from https://www.dni.gov/index.php/ncsc-how-we-work/217-about/organization/icig-pages/2660-icig-fiorc</ref> For example, the United Kingdom passed the Investigatory Powers Act in 2016 which makes Internet Service Providers record browsing history, text messages, and more and share it with the government without a need for a warrant. Similarly, the United States and Australia employ similar programs of data collection.<ref>Taylor, S. (2020, September 03). Five eyes, NINE eyes, and 14 Eyes (in-depth explanation). Retrieved April 01, 2021, from https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/</ref>
 +
 +
Meanwhile, the 9 eyes agreement is an extension of the 5 eyes agreement and the 14 eyes agreement is an extension of the 9 eyes agreement. Overall, each agreement contains the following countries:
 +
* 5 Eyes: Australia, Canada, New Zealand, United Kingdom, and the United States.<ref  name="jpost">Fourteen eyes surveillance alliance explained. (n.d.). Retrieved April 01, 2021, from https://www.jpost.com/special-content/fourteen-eyes-surveillance-alliance-explained-591436</ref>
 +
* 9 Eyes: 5 Eyes + Denmark, France, Netherlands, and Norway.<ref name="jpost" />
 +
* 14 Eyes: 9 Eyes + Germany, Belgium, Italy, Sweden, and Spain.<ref name="jpost" />
 +
 +
The intelligence sharing practices are the same between countries in the 5 eyes, 9 eyes, and 14 eyes groups.<ref name="jpost" />
 
==Ethical Concerns==
 
==Ethical Concerns==
 
Most ethical concerns regarding VPNs come from the commercial side to the technology.
 
Most ethical concerns regarding VPNs come from the commercial side to the technology.

Revision as of 18:00, 1 April 2021

A virtual private network (VPN) is a piece of software used to create a secure and private connection over a public network.[1] This is achieved by creating a tunnel between the user's computer and the destination. VPNs can be used by both business and individuals.


Main Types of VPNs

Different types of VPNs can be broken down into the different layers of the TCP/IP protocol suite in which they belong. [2] To choose which type of VPN to use or create, a number of considerations should be taken into account. Depending on the functional requirements, there are several different methods of constructing each type of VPN, and selecting a type should include consideration of what problem is being solved, risk analysis of the security provided, issues of scaling the VPN, complexity, and ongoing maintenance. [2] The most common type of VPN is when there are geographically diverse subnetworks belonging to a common administrative domain and connected by a shared infrastructure outside their administrative control. [2]

Many VPNs are network layer VPNs and are based on Internet Protocol (IP) at the network layer. [3] They can be implemented with tunneling or by network layer encryption, and enable the destination to communicate through the VPN rather than the user directly. [3]

There are two main classifications of VPNs: Site to Site and Remote Access.

Site to Site

A site to site VPN is when a single virtual network is created through multiple local networks.[4] This allows someone to access information from any local network connected to the virtual network while they are on one of the local networks. Once the user is no longer connected to any local network that makes up the virtual network, they are unable to access any of the data. This is due to the VPN Client being hosted on each network rather than a user's device. This allows multiple offices from different locations to communicate with one another.

Remote Access

Also See: Remote Access

A Remote Access VPN allows a user to connect to a remote server securely.[5] This is done by hosting a VPN client on the users device. By using a remote access VPN, an encrypted 'tunnel' is established. Using this tunnel, the user can then access information only accessible on the local network of the destination, allowing them to interact with files that must be protected.

Commercial VPNs

A Commercial or consumer VPN is a form of the Remote Access VPN model. A commercial VPN uses a remote connection to have the VPN provider interact with websites on the user's behalf, rather than through the user's Internet Service Provider. [6] By using a VPN, the I.P address of a user can be hidden from others.

Uses

Access Remote Sites

Using a remote Access VPN, users from across the globe can access a singular private network.[7] This can be used by companies and individuals alike. At the University of Michigan, a VPN is used to allow students to access the University's encrypted data when not on campus internet.[8] This allows students to work remotely on information stored at the university from their home, a conference, or a coffee shop. Throughout the Covid-19 Pandemic, Companies have relied on VPNs to grant employees access to servers, internal applications, and data hosted on site.[4][9] These actions were taken to limit the exposure of sensitive data.

This image shows who cannot see your data when using a vpn. Note that the VPN provider is not on the image.[10]

Privacy

As a VPN encrypts the data between the user and a server, a VPN can help to keep a user's information private.[4] This is similar in use case to accessing a remote site, as the VPN can help a user access data without having to worry about the WiFi network joined.[11] By encrypting the information, the internet provider, government, and others who control the network can see less of what a user is doing online. Not only does this limit what data is collected about the user, but it can also decrease the number of targeted ads, and help to hide the users' location. [6]

Access Information From Other Countries

A VPN can also allow a user to access information that is otherwise not available to them by showing that they are in a different location.

Circumventing Government Censorship

By disguising the IP address that a request comes from, a VPN can help to access sites blocked by the government. In China, The Great Firewall is a name given to the censorship of the internet. By using a VPN, Chinese citizens are able to access information that has been blocked by the government.[12] This has also allowed Chinese companies to conduct business with overseas partners. As new programs in China seek to limit the internet, a VPN can be a useful tool to circumvent these restrictions. China is not the only location where VPNs are used to access blocked content. In Kashmir, people are using VPNs to access social media sites that have been banned.[13]

Streaming Services

One of the most popular features of a VPN is being able to access streaming services that are not available in a given country. Viewers will use a VPN to access Netflix libraries with larger content than their home country.[14]

The 5 Eyes, 9 Eyes, and 14 Eyes Agreements

After World War II on March 5, 1946, the United States and the United Kingdom signed the BRUSA (now known as UKUSA) Agreement to share intelligence between the two countries.[15] Over time, this agreement began to grow and include more and more countries which have lead to the 5 eyes, 9 eyes, and 14 eyes agreements.[16] As a part of this agreement, any intelligence gained by one country is automatically shared with all other countries in the agreement.[17] This means that if a country forcefully obtains data from a VPN company that you’re using, then every other country in the agreement has access to that data as well.[17]

The 5 eyes agreement (FVEY) shares intelligence between Australia, Canada, New Zealand, United Kingdom, and the United States. Each of these countries has its own protocol regarding how much data is collected from those who use the web.[18] For example, the United Kingdom passed the Investigatory Powers Act in 2016 which makes Internet Service Providers record browsing history, text messages, and more and share it with the government without a need for a warrant. Similarly, the United States and Australia employ similar programs of data collection.[19]

Meanwhile, the 9 eyes agreement is an extension of the 5 eyes agreement and the 14 eyes agreement is an extension of the 9 eyes agreement. Overall, each agreement contains the following countries:

  • 5 Eyes: Australia, Canada, New Zealand, United Kingdom, and the United States.[20]
  • 9 Eyes: 5 Eyes + Denmark, France, Netherlands, and Norway.[20]
  • 14 Eyes: 9 Eyes + Germany, Belgium, Italy, Sweden, and Spain.[20]

The intelligence sharing practices are the same between countries in the 5 eyes, 9 eyes, and 14 eyes groups.[20]

Ethical Concerns

Most ethical concerns regarding VPNs come from the commercial side to the technology.

Pirating of Payed Content

As VPNs can help to mask a user's web access a secrete from their ISP, VPNs are popular tools for torrenting copyrighted material. This has resulted in lawsuits from producers who argue that VPN companies promote and facilitate pirating.[21]

Liquid VPN Advertising their service to access torrenting websites primarily used for pirating.[22]

Security of a VPN

Using a VPN does not hide the information being sent from everyone, but instead shifts the ability to see from the user's internet provider to the VPN provider.[23] While VPN Companies claim that they help protect users, the user is still at the mercy of the company for their security. As an example, NordVPN, a leading provider, got hacked in 2019 and did not disclose the hack for months.[24] Users are lead to believe that using a VPN solves all their worries, when in reality their privacy depends on the company they use.

Many users rely on virtual private network services for many properties: to preserve their privacy, circumvent censorship, and access geo-filtered content. [25] The majority of users have limited means to verify the VPN service’s claims to these properties. A 2018 evaluation of 62 commercial VPN providers showed that while the services seem less likely to intercept or tamper with user traffic, many VPNs do leak user traffic through a variety of means. [25] From the study, 5-30% of the VPN vantage points (associated with 10% of the providers studied) appeared to be hosted on servers located in countries other than those advertised to users. [25] Perta et. al. analyzed 14 of the most popular commercial VPN services in 2015 and inspected their internals and infrastructures.[26] They found that the majority of VPN services suffer from IPv6 traffic leakage. A sophisticated DNS hijacking attack would allow all traffic to be transparently captured. [26]

Misleading Advertisements

Several VPN companies have been found to have made misleading claims about their product. In 2019, NordVPN had an Ad banned in the UK when they made false claims suggesting that users without a VPN are broadcasting their passwords to hackers on public WiFi.[27] The Advertising Standards Agency found that the ad made viewers believe that public networks are inherently insecure when this is not true. Other companies have claimed that they keep no logs on user information, but independent investigations have found that several of these companies, including UFO VPN did keep logs.[28]. These misleading claims can be difficult to verify, but by claiming that people are always at risk such as how NordVPN did, and offering a solution, these companies pray on those without the understanding of how they work.

See Also

References

  1. Gewirtz, David, and Rae Hodge. “Best VPN service of 2021.” CNN, 19 3 2021, Accessed 25 Mar 2021.
  2. 2.0 2.1 2.2 Ferguson, P., & Huston, G. (1998). What is a VPN?.
  3. 3.0 3.1 Venkateswaran, R. (2001). Virtual private networks. IEEE potentials, 20(1), 11-15.
  4. 4.0 4.1 4.2 “What is a business VPN?” Cloudfalre, Accessed 12 Mar 2021.
  5. “Different Types of VPNs and When to Use Them.” VPNMentor, Accessed 12 Mar 2021.
  6. 6.0 6.1 “What is a VPN.” Cloudflare, Accessed 12 Mar 2021.
  7. “Virtual private networks.” IEEE Potentials, 2001, Accessed 12 Mar.
  8. “Virtual Private Network (VPN).” University of Michigan, Accessed 12 Mar 2021.
  9. “Why Companies Are Turning To VPNs During The CoronaVirus Outbreak.” OpenVPN, 2020, Accessed 12 Mar 2021.
  10. “The ultimate guide to VPN encryption, protocols, and ciphers.” ATT, 31 July 2019, Accessed 25 Mar 2021.
  11. Levin, Benjamin. “A VPN is vital when working from home, so here’s everything you need to know.” CNN, 17 Sept 2020, Accessed 12 Mar 2021.
  12. Economy, Elizabeth C. “The great firewall of China: Xi Jinping’s internet shutdown.” The Guardian, 29 Jun 2018, Accessed 12 Mar 2021.
  13. Bukhari, Fayaz. “India cracks down on use of VPNs in Kashmir to get around social media ban.” Reuters, 19 Feb 2020, Accessed 12 Mar 2021.
  14. Hodge, Rae. “VPN use surges during the coronavirus lockdown, but so do security risks.” CNET, 23 April 2020, Accessed 12 Mar 2021.
  15. Home. (n.d.). Retrieved April 01, 2021, from https://www.nsa.gov/news-features/declassified-documents/ukusa/
  16. The 14 Eyes, 9 EYES, 5 Eyes agreements (Explained). (2020, June 09). Retrieved April 01, 2021, from https://protonvpn.com/blog/5-eyes-global-surveillance/
  17. 17.0 17.1 5 eyes, 9 Eyes, & 14 Eyes countries – what you need to know. (n.d.). Retrieved April 01, 2021, from https://www.vpnmentor.com/blog/understanding-five-eyes-concept/
  18. Lawton, S. (n.d.). ODNI home. Retrieved April 01, 2021, from https://www.dni.gov/index.php/ncsc-how-we-work/217-about/organization/icig-pages/2660-icig-fiorc
  19. Taylor, S. (2020, September 03). Five eyes, NINE eyes, and 14 Eyes (in-depth explanation). Retrieved April 01, 2021, from https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/
  20. 20.0 20.1 20.2 20.3 Fourteen eyes surveillance alliance explained. (n.d.). Retrieved April 01, 2021, from https://www.jpost.com/special-content/fourteen-eyes-surveillance-alliance-explained-591436
  21. Sharma, Mayank. “This top VPN is being sued by filmmakers.” Future US, 11 Mar 2021, Accessed 12 Mar 2021.
  22. “Popcorn Time VPN.” LiquidVPN, Accessed 25 Mar 2021.
  23. Scott, Tom. “This Video Is Sponsored By ███ VPN.” YouTube, 28 Oct 2019, Accessed 12 Mar 2021.
  24. Whittaker, Zack. “NordVPN confirms it was hacked.” TechCrunched, 21 Oct 2019, Accessed 12 Mar 2021.
  25. 25.0 25.1 25.2 Khan, M. T., DeBlasio, J., Voelker, G. M., Snoeren, A. C., Kanich, C., & Vallina-Rodriguez, N. (2018, October). An empirical analysis of the commercial vpn ecosystem. In Proceedings of the Internet Measurement Conference 2018 (pp. 443-456).
  26. 26.0 26.1 Perta, V. C., Barbera, M., Tyson, G., Haddadi, H., & Mei, A. (2015). A glance through the VPN looking glass: IPv6 leakage and DNS hijacking in commercial VPN clients.
  27. Smith, Adam. “NordVPN Ad Banned for Exaggerating Threat of Public Wi-Fi.” PCMag, 1 May 2019, Accessed 12 Mar 2021.
  28. Bischoff, Paul. ““Zero logs” VPN exposes millions of logs including user passwords, claims data is anonymous.” Comparitech, 21 July 2020, Accessed 12 Mar 2021.

(back to index)