Virtual Private Network

From SI410
Revision as of 15:38, 9 April 2021 by Emuth (Talk | contribs) (lengthened streaming service section, added references)

Jump to: navigation, search

A virtual private network (VPN) is a technology used to create a safe and private connection over a public network.[1] This is achieved by controlling internet traffic between the user's computer and the destination so the location of the user's computer is hidden or it appears that they are working from somewhere other than their true location.[2] VPNs can be used by both businesses and individuals.

Types of VPNs

Different types of VPNs come from varying strategies of redirecting and masking internet traffic. There are two primary types of VPNs: Site-to-Site and Remote Access.[3]

Site-to-Site

A Site-to-Site VPN, also called a Router-to-Router VPN, occurs when at least one user's network connects to another.[3] According to cybersecurity company Fortinet, these types of VPNs are often found in business settings. These routers connect to essentially form one large network comprised of local networks.[4] This allows someone on one of the local connections to access information from any of the other local networks connected to the VPN. One subtype of this category is an Intranet-Based Site-to-Site VPN. Intranet-Based Site-to-Site VPNs are often used within a company when the flow of information is relatively free. That is, all networks involved in the VPN have equal access and sharing of all resources. This helps simulate the experience of everyone working on the same local network.[4][3] Conversely, Extranet-Based Site-to-Site VPNs are used for more selective sharing.[4] GeeksforGeeks, a popular educational programming website, describes them as "companies [using] ... VPN ... to connect to the office of another company."[3]

Remote Access

With a Remote Access VPN, rather than connecting to another router, the user connects securely to a remote network.[5] By using a remote access VPN, an encrypted "tunnel" is created from the user's location to the VPN destination. This destination is determined by the creator of the private network being accessed, and some VPNs allow the user to choose their destination.[2] TunnelBear is an example of a VPN service where the user is able to choose where they would like to "tunnel" their data.

A screenshot from the TunnelBear homepage.[6]

Uses

Access Remote Sites

Using a remote access VPN, users from across the globe can access a singular private network.[7] At the University of Michigan, a VPN is used to allow students to access the University's encrypted data when not on the campus internet. This allows students to remotely access information stored at the university, such as databases, or to take advantage of network protection provided through the university.[8] Throughout the Covid-19 pandemic, companies have relied on VPNs to grant employees access to servers, internal applications, and data hosted on-site. These actions were taken to limit the exposure of sensitive data.[9][10]

This image shows who cannot see a user's data while they are using a VPN. Note that the VPN provider is not in the image.[11]

Privacy

As a VPN encrypts the data between the user and the network, it can help keep a user's information private.[9] This functionality is similar to how VPNs are used to access remote sites, as they help a user access data without having to worry about the WiFi network they're connected to.[12] By encrypting the information, the internet provider, government, and others who control the network can see less of what a user is doing online. Not only does this limit what data is collected about the user, but it can also decrease the number of targeted ads and help to hide the user's location.[13]

Access Information From Other Countries

A VPN can also allow a user to access information that is otherwise not available to them by making it appear as if they are located outside of their physical location.

Circumventing Government Censorship

By disguising the IP address that a request comes from, a VPN can help to access sites blocked by the government in the country where the user is located. In China, The Great Firewall is a name given to the censorship of the internet. By using a VPN, Chinese citizens are able to access information that would have otherwise been restricted by their government.[14] This has also allowed Chinese companies to conduct business with overseas partners. As new programs in China seek to control internet usage, some argue that VPNs can be useful tools to avoid these restrictions.[15] China is not the only location where VPNs are used to access blocked content. In Kashmir, people are using VPNs to access social media sites such as WhatsApp or Instagram that have been banned.[16]

Streaming Services

Another common use for a VPN is accessing streaming services that are not available in a given country. Viewers use VPNs to access Netflix libraries with larger content than their home country.[17] For example, as of November 2020, Star Trek: Discovery was not available on Netflix in the US and Canada but was in other countries.[18] Companies like Netflix actively attempt to prevent customers from using VPNs to access content outside of their countries; often, they do this by comparing the location of the user's IP address (which the VPN has altered) and their Domain Name Server (DNS) which could still reveal the user's true location.[19]

The 5 Eyes, 9 Eyes, and 14 Eyes Agreements

After World War II, the United States and the United Kingdom signed the BRUSA Agreement to share intelligence between the two countries. (The BRUSA Agreement is now known as the UKUSA Agreement.[20] Over time, this agreement grew to include more countries, eventually leading to the 5 Eyes, 9 Eyes, and 14 Eyes agreements (each one involving a different group of countries). As a part of this agreement, any intelligence gained by one country is automatically shared with all other countries in the agreement.[21] Some VPN companies, such as Restore Privacy, highlight this arrangement in support of using their services, claiming that they can help users escape government surveillance and information sharing between countries with these agreements.[22]

Ethical Concerns

Most ethical concerns regarding VPNs come from the commercial uses of the technology.

Pirating of Paid Content

Since VPNs can help make a user's web access history a secret from their Internet Service Provider (ISP), VPNs have become popular tools for illegally obtaining copyrighted material. This has resulted in lawsuits from producers who argue that VPN companies promote and facilitate pirating.[23] One popular method of pirating material like this is "torrenting" copyrighted material like movies, music, or video games. "Torrenting" refers to a method of peer-to-peer file sharing that uses the BitTorrent protocol. VPNs are often used in conjunction with this method because it hides the illegal file sharing activity from Internet Service Providers.[24]

Liquid VPN Advertising their service to access torrenting websites primarily used for pirating.[25]

Security of a VPN

Using a VPN does not hide the information being sent from everyone, but instead shifts the ability to see the information from the user's internet service provider to the VPN provider.[26] Some argue, however, that VPNs are not completely safe because the user is still dependent on the VPN company for their security. As an example, NordVPN, a leading provider, got hacked in 2019 and did not disclose the hack for several months.[27]

According to M.T. Khan and others, users rely on virtual private network services for a number of reasons: to preserve their privacy, circumvent censorship, and access geo-filtered content. A 2018 evaluation of sixty-two commercial VPN providers showed that while the services seem less likely to intercept or tamper with user traffic, some VPNs do leak user traffic through a variety of means. From the study, in 10% of the providers studied, between 5 and 30% of the VPNs appeared to be hosted on servers located in countries other than those advertised to users.[28] Perta et al. analyzed fourteen of the most popular commercial VPN services in 2015 and inspected their internals and infrastructures. They found that the majority of VPN services suffer from IPv6 traffic leakage. A sophisticated DNS hijacking attack would allow all traffic to be transparently captured. [29]

Misleading Advertisements

Several VPN companies have been found to have made misleading claims about their product. In 2019, NordVPN had an advertisement banned in the UK when they made false claims suggesting that users without a VPN are broadcasting their passwords to hackers on public WiFi. The Advertising Standards Agency found that the ad incorrectly made viewers believe that public networks are inherently insecure.[30] Other companies have claimed that they keep no logs on user information, but independent investigations have found that several of these companies, including UFO VPN, have kept logs.[31].

See Also

References

  1. Gewirtz, David, and Rae Hodge. “Best VPN service of 2021.” CNN, 19 Mar. 2021, www.cnet.com/news/best-vpn/. Accessed 25 Mar. 2021.
  2. 2.0 2.1 Symanovich, Steve. "What is a VPN?" Norton, 14 Jan. 2021, us.norton.com/internetsecurity-privacy-what-is-a-vpn.html. Accessed 8 Apr. 2021.
  3. 3.0 3.1 3.2 3.3 "Types of Virtual Private Network (VPN) and its Protocols." Geeks for Geeks, 10 Apr. 2019, www.geeksforgeeks.org/types-of-virtual-private-network-vpn-and-its-protocols/. Accessed 8 Apr. 2021.
  4. 4.0 4.1 4.2 "What is a Site-to-Site VPN?" Fortinet, www.fortinet.com/resources/cyberglossary/what-is-site-to-site-vpn. Accessed 8 Apr. 2021.
  5. “Different Types of VPNs and When to Use Them.” VPNMentor, www.vpnmentor.com/blog/different-types-of-vpns-and-when-to-use-them/. Accessed 12 Mar 2021.
  6. TunnelBear. www.tunnelbear.com/. Accessed 9 Apr. 2021.
  7. “Virtual private networks.” IEEE Potentials, vol. 20, no. 1, 2001, pp. 11-15, doi:10.1109/45.913204. Accessed 12 Mar. 2021.
  8. “Virtual Private Network (VPN).” Information and Technology Services, University of Michigan, its.umich.edu/enterprise/wifi-networks/vpn. Accessed 12 Mar. 2021.
  9. 9.0 9.1 “What is a business VPN?” Cloudflare, www.cloudflare.com/learning/access-management/what-is-a-business-vpn/. Accessed 12 Mar. 2021.
  10. “Why Companies Are Turning To VPNs During The Coronavirus Outbreak.” OpenVPN, openvpn.net/why-companies-are-turning-to-vpns-during-the-coronavirus-outbreak. Accessed 12 Mar. 2021.
  11. “The ultimate guide to VPN encryption, protocols, and ciphers.” ATT, 31 July 2019, cybersecurity.att.com/blogs/security-essentials/the-ultimate-guide-to-vpn-encryption-protocols-and-ciphers. Accessed 25 Mar. 2021.
  12. Levin, Benjamin. “A VPN is vital when working from home, so here’s everything you need to know.” CNN, 17 Sept. 2020, www.cnn.com/2020/09/17/cnn-underscored/how-to-setup-a-vpn. Accessed 12 Mar. 2021.
  13. “What is a VPN.” Cloudflare, www.cloudflare.com/learning/access-management/what-is-a-vpn/. Accessed 12 Mar. 2021.
  14. Economy, Elizabeth C. “The great firewall of China: Xi Jinping’s internet shutdown.” The Guardian, 29 June 2018, www.theguardian.com/news/2018/jun/29/the-great-firewall-of-china-xi-jinpings-internet-shutdown. Accessed 12 Mar. 2021.
  15. Shanghai, Liza Linin and Josh Chin. "China’s VPN Crackdown Weighs on Foreign Companies There." The Wall Street Journal, 2017 Aug. 2, www.wsj.com/articles/chinas-vpn-crackdown-weighs-on-foreign-companies-there-1501680195. Accessed 8 Apr. 2021.
  16. Bukhari, Fayaz. “India cracks down on use of VPNs in Kashmir to get around social media ban.” Reuters, 19 Feb. 2020, www.reuters.com/article/us-india-kashmir-internet/india-cracks-down-on-use-of-vpns-in-kashmir-to-get-around-social-media-ban-idUSKBN20D0LT. Accessed 12 Mar. 2021.
  17. Hodge, Rae. “VPN use surges during the coronavirus lockdown, but so do security risks.” CNET, 23 Apr. 2020, www.cnet.com/news/vpn-use-surges-during-the-coronavirus-lockdown-but-so-do-security-risks/. Accessed 12 Mar. 2021.
  18. Eddy, Max. "How to Use a VPN to Watch Netflix From Other Countries." PCMag, 20 Nov. 2020, www.pcmag.com/how-to/how-to-unblock-netflix-with-a-vpn. Accessed 9 Apr. 2021.
  19. Parker, Jacob. "How does Netflix detect and block VPN use?" TechRader, 30 June 2020, www.techradar.com/vpn/how-does-netflix-detect-and-block-vpn-use. Accessed 9 Apr. 2021.
  20. "UKUSA Agreement Release." National Security Agency Central Security Service, www.nsa.gov/news-features/declassified-documents/ukusa/. Accessed 1 Apr. 2021.
  21. "Five Eyes." Privacy International, privacyinternational.org/learn/five-eyes. Accessed 8 Apr. 2021.
  22. Taylor, Sven. "Five Eyes, Nine Eyes, 14 Eyes – Explained." Restore Privacy, 3 Sep. 2020, restoreprivacy.com/5-eyes-9-eyes-14-eyes/. Accessed 8 Apr. 2021.
  23. Sharma, Mayank. “This top VPN is being sued by filmmakers.” Future US, 11 Mar 2021, www.techradar.com/news/this-top-vpn-is-being-sued-by-filmmakers. Accessed 12 Mar. 2021.
  24. Bischoff, Paul. "What is Torrenting? Is it Safe? Is it illegal? Are you likely to be caught?" Comparitech, 8 Apr. 2021, www.comparitech.com/blog/vpn-privacy/is-torrenting-safe-illegal-will-you-be-caught/. Accessed 9 Apr. 2021.
  25. “Popcorn Time VPN.” LiquidVPN, www.liquidvpn.com/popcorn-time-vpn/. Accessed 25 Mar 2021.
  26. “This Video Is Sponsored By ███ VPN.” YouTube, uploaded by Tom Scott, 28 Oct 2019, www.youtube.com/watch?v=WVDQEoe6ZWY.
  27. Whittaker, Zack. “NordVPN confirms it was hacked.” TechCrunched, 21 Oct. 2019, techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/. Accessed 12 Mar. 2021.
  28. Khan, M. T., et al. "An Empirical Analysis of the Commercial VPN Ecosystem." In Proceedings of the Internet Measurement Conference 2018, Association for Computing Machinery, 31 Oct. 2018, pp. 443-56, doi.org/10.1145/3278532.3278570. Accessed 9 Apr. 2021.
  29. Perta, V. et al. "A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients." Proceedings on Privacy Enhancing Technologies, vol. 2015, no. 1, 2015, pp. 77-91, doi:10.1515/popets-2015-0006. Accessed 9 Apr. 2021..
  30. Smith, Adam. “NordVPN Ad Banned for Exaggerating Threat of Public Wi-Fi.” PCMag, 1 May 2019, www.pcmag.com/news/nordvpn-ad-banned-for-exaggerating-threat-of-public-wi-fi. Accessed 12 Mar 2021.
  31. Bischoff, Paul. "'Zero logs' VPN exposes millions of logs including user passwords, claims data is anonymous." Comparitech, 21 July 2020, www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/. Accessed 12 Mar 2021.

(back to index)