Virtual Private Network

From SI410
Revision as of 17:51, 8 April 2021 by Emuth (Talk | contribs) (fixed typo in Cloudflare, added three references, deleted overly technical sections, more user-friendly/approachable wording)

Jump to: navigation, search

A virtual private network (VPN) is a technology used to create a safe and private connection over a public network.[1] This is achieved by controlling internet traffic between the user's computer and the destination so the location of the user's computer is hidden or it appears that they are working from somewhere other than their true location.[2] VPNs can be used by both businesses and individuals.

Types of VPNs

Different types of VPNs come from varying strategies of redirecting and masking internet traffic. There are two primary types of VPNs: Site-to-Site and Remote Access.[3]

Site-to-Site

A Site-to-Site VPN, also called a Router-to-Router VPN, occurs when at least one user's network connects to another.[3] According to cybersecurity company Fortinet, these types of VPNs are often found in business settings. These routers connect to essentially form one large network comprised of local networks.[4]] This allows someone on one of the local connections to access information from any of the other local networks connected to the VPN.

Remote Access

With a Remote Access VPN, rather than connecting to another router, the user connects securely to a remote network.[5] By using a remote access VPN, an encrypted "tunnel" is created from the user's location to the VPN destination. This destination is determined by the creator of the private network being accessed, and some VPNs allow the user to choose their destination.[2]

Uses

Access Remote Sites

Using a remote access VPN, users from across the globe can access a singular private network.[6] This can be used by companies and individuals alike. At the University of Michigan, a VPN is used to allow students to access the University's encrypted data when not on campus internet.[7] This allows students to work remotely on information stored at the university from their home, a conference, or a coffee shop. Throughout the Covid-19 Pandemic, companies have relied on VPNs to grant employees access to servers, internal applications, and data hosted on-site.[8][9] These actions were taken to limit the exposure of sensitive data.

This image shows who cannot see your data when using a vpn. Note that the VPN provider is not on the image.[10]

Privacy

As a VPN encrypts the data between the user and a server, a VPN can help to keep a user's information private.[8] This is similar in use case to accessing a remote site, as the VPN can help a user access data without having to worry about the WiFi network they're connected to.[11] By encrypting the information, the internet provider, government, and others who control the network can see less of what a user is doing online. Not only does this limit what data is collected about the user, but it can also decrease the number of targeted ads, and help to hide the user's location. [12]

Access Information From Other Countries

A VPN can also allow a user to access information that is otherwise not available to them by showing that they are in a different location.

Circumventing Government Censorship

By disguising the IP address that a request comes from, a VPN can help to access sites blocked by the government. In China, The Great Firewall is a name given to the censorship of the internet. By using a VPN, Chinese citizens are able to access information that has been blocked by the government.[13] This has also allowed Chinese companies to conduct business with overseas partners. As new programs in China seek to limit the internet, a VPN can be a useful tool to circumvent these restrictions. China is not the only location where VPNs are used to access blocked content. In Kashmir, people are using VPNs to access social media sites that have been banned.[14]

Streaming Services

One of the most popular features of a VPN is being able to access streaming services that are not available in a given country. Viewers will use a VPN to access Netflix libraries with larger content than their home country.[15]

The 5 Eyes, 9 Eyes, and 14 Eyes Agreements

After World War II on March 5, 1946, the United States and the United Kingdom signed the BRUSA (now known as UKUSA) Agreement to share intelligence between the two countries.[16] Over time, this agreement began to grow and include more and more countries which have lead to the 5 eyes, 9 eyes, and 14 eyes agreements.[17] As a part of this agreement, any intelligence gained by one country is automatically shared with all other countries in the agreement.[18] This means that if a country forcefully obtains data from a VPN company that you’re using, then every other country in the agreement has access to that data as well.[18]

The 5 eyes agreement (FVEY) shares intelligence between Australia, Canada, New Zealand, United Kingdom, and the United States. Each of these countries has its own protocol regarding how much data is collected from those who use the web.[19] For example, the United Kingdom passed the Investigatory Powers Act in 2016 which makes Internet Service Providers record browsing history, text messages, and more and share it with the government without a need for a warrant. Similarly, the United States and Australia employ similar programs of data collection.[20]

Meanwhile, the 9 eyes agreement is an extension of the 5 eyes agreement and the 14 eyes agreement is an extension of the 9 eyes agreement. Overall, each agreement contains the following countries:

  • 5 Eyes: Australia, Canada, New Zealand, United Kingdom, and the United States.[21]
  • 9 Eyes: 5 Eyes + Denmark, France, Netherlands, and Norway.[21]
  • 14 Eyes: 9 Eyes + Germany, Belgium, Italy, Sweden, and Spain.[21]

The intelligence sharing practices are the same between countries in the 5 eyes, 9 eyes, and 14 eyes groups.[21]

Ethical Concerns

Most ethical concerns regarding VPNs come from the commercial side of the technology.

Pirating of Paid Content

Since VPNs can help make a user's web access history a secret from their ISP, VPNs have become popular tools for torrenting copyrighted material. This has resulted in lawsuits from producers who argue that VPN companies promote and facilitate pirating.[22]

Liquid VPN Advertising their service to access torrenting websites primarily used for pirating.[23]

Security of a VPN

Using a VPN does not hide the information being sent from everyone, but instead shifts the ability to see the information from the user's internet service provider to the VPN provider.[24] While VPN companies claim that they help protect users, the user is still at the mercy of the company for their security. As an example, NordVPN, a leading provider, got hacked in 2019 and did not disclose the hack for months.[25] Users are led to believe that using a VPN solves all their worries, when in reality their privacy depends on the company they use.

Many users rely on virtual private network services for a number of reasons: to preserve their privacy, circumvent censorship, and access geo-filtered content. [26] The majority of users have limited means to verify the VPN service’s claims to provide these abilities. A 2018 evaluation of 62 commercial VPN providers showed that while the services seem less likely to intercept or tamper with user traffic, many VPNs do leak user traffic through a variety of means. [26] From the study, 5-30% of the VPN vantage points (associated with 10% of the providers studied) appeared to be hosted on servers located in countries other than those advertised to users. [26] Perta et. al. analyzed 14 of the most popular commercial VPN services in 2015 and inspected their internals and infrastructures.[27] They found that the majority of VPN services suffer from IPv6 traffic leakage. A sophisticated DNS hijacking attack would allow all traffic to be transparently captured. [27]

Misleading Advertisements

Several VPN companies have been found to have made misleading claims about their product. In 2019, NordVPN had an advertisement banned in the UK when they made false claims suggesting that users without a VPN are broadcasting their passwords to hackers on public WiFi.[28] The Advertising Standards Agency found that the ad made viewers believe that public networks are inherently insecure when this is not true. Other companies have claimed that they keep no logs on user information, but independent investigations have found that several of these companies, including UFO VPN did keep logs.[29]. These misleading claims can be difficult to verify, but by claiming that people are always at risk such as how NordVPN did, and offering a solution, these companies prey on those who don't understand how VPNs work.

See Also

References

  1. Gewirtz, David, and Rae Hodge. “Best VPN service of 2021.” CNN, 19 Mar. 2021, www.cnet.com/news/best-vpn/. Accessed 25 Mar. 2021.
  2. 2.0 2.1 Symanovich, Steve. "What is a VPN?" Norton, 14 Jan. 2021, us.norton.com/internetsecurity-privacy-what-is-a-vpn.html. Accessed 8 Apr. 2021.
  3. 3.0 3.1 "Types of Virtual Private Network (VPN) and its Protocols." Geeks for Geeks, 10 Apr. 2019, www.geeksforgeeks.org/types-of-virtual-private-network-vpn-and-its-protocols/. Accessed 8 Apr. 2021.
  4. [https://www.fortinet.com/resources/cyberglossary/what-is-site-to-site-vpn "What is a Site-to-Site VPN?" Fortinet, www.fortinet.com/resources/cyberglossary/what-is-site-to-site-vpn. Accessed 8 Apr. 2021.
  5. “Different Types of VPNs and When to Use Them.” VPNMentor, www.vpnmentor.com/blog/different-types-of-vpns-and-when-to-use-them/. Accessed 12 Mar 2021.
  6. “Virtual private networks.” IEEE Potentials, 2001, Accessed 12 Mar.
  7. “Virtual Private Network (VPN).” University of Michigan, Accessed 12 Mar 2021.
  8. Cite error: Invalid <ref> tag; no text was provided for refs named Cloudflare_Business_VPN
  9. “Why Companies Are Turning To VPNs During The CoronaVirus Outbreak.” OpenVPN, 2020, Accessed 12 Mar 2021.
  10. “The ultimate guide to VPN encryption, protocols, and ciphers.” ATT, 31 July 2019, Accessed 25 Mar 2021.
  11. Levin, Benjamin. “A VPN is vital when working from home, so here’s everything you need to know.” CNN, 17 Sept 2020, Accessed 12 Mar 2021.
  12. Cite error: Invalid <ref> tag; no text was provided for refs named What_is_a_VPN
  13. Economy, Elizabeth C. “The great firewall of China: Xi Jinping’s internet shutdown.” The Guardian, 29 Jun 2018, Accessed 12 Mar 2021.
  14. Bukhari, Fayaz. “India cracks down on use of VPNs in Kashmir to get around social media ban.” Reuters, 19 Feb 2020, Accessed 12 Mar 2021.
  15. Hodge, Rae. “VPN use surges during the coronavirus lockdown, but so do security risks.” CNET, 23 April 2020, Accessed 12 Mar 2021.
  16. "UKUSA Agreement Release" Accessed April 01, 2021
  17. "The 14 Eyes, 9 EYES, 5 Eyes agreements (Explained)." (2020, June 09). Accessed April 01, 2021
  18. 18.0 18.1 "5 eyes, 9 Eyes, & 14 Eyes countries – what you need to know." (n.d.). Accessed April 01, 2021,
  19. Lawton, S. "FIVE EYES INTELLIGENCE OVERSIGHT AND REVIEW COUNCIL". ODNI home. Accessed April 01, 2021
  20. Taylor, S. (2020, September 03). "Five eyes, NINE eyes, and 14 Eyes (in-depth explanation)." Accessed April 01, 2021
  21. 21.0 21.1 21.2 21.3 "Fourteen eyes surveillance alliance explained." (n.d.). Accessed April 01, 2021
  22. Sharma, Mayank. “This top VPN is being sued by filmmakers.” Future US, 11 Mar 2021, Accessed 12 Mar 2021.
  23. “Popcorn Time VPN.” LiquidVPN, Accessed 25 Mar 2021.
  24. Scott, Tom. “This Video Is Sponsored By ███ VPN.” YouTube, 28 Oct 2019, Accessed 12 Mar 2021.
  25. Whittaker, Zack. “NordVPN confirms it was hacked.” TechCrunched, 21 Oct 2019, Accessed 12 Mar 2021.
  26. 26.0 26.1 26.2 Khan, M. T., DeBlasio, J., Voelker, G. M., Snoeren, A. C., Kanich, C., & Vallina-Rodriguez, N. (2018, October). An empirical analysis of the commercial vpn ecosystem. In Proceedings of the Internet Measurement Conference 2018 (pp. 443-456).
  27. 27.0 27.1 Perta, V. C., Barbera, M., Tyson, G., Haddadi, H., & Mei, A. (2015). A glance through the VPN looking glass: IPv6 leakage and DNS hijacking in commercial VPN clients.
  28. Smith, Adam. “NordVPN Ad Banned for Exaggerating Threat of Public Wi-Fi.” PCMag, 1 May 2019, Accessed 12 Mar 2021.
  29. Bischoff, Paul. ““Zero logs” VPN exposes millions of logs including user passwords, claims data is anonymous.” Comparitech, 21 July 2020, Accessed 12 Mar 2021.

(back to index)

Retrieved from "http://si410wiki.sites.uofmhosting.net/index.php?title=Virtual_Private_Network&oldid=101007"