How to VPN
How to VPN
Date: Tuesday, September 8
Presenter: Elijiah Waxwing, Senior Technologist at Calyx Institute
What:
VPNs are a widely used tool to circumvent censorship and help with privacy - but not all tools are created equally, nor are they a magic bullet to protect you from all privacy and security risks. Join us and find out:
When and why to use a VPN? What contexts are they the most useful? Not all VPN providers are created equally, find out how to pick a quality VPN provider that works for you How VPNs differ from other tools like Tor What does VPN protect, what it doesn’t protect? Things you can do to improve your security/privacy while using a VPN This workshop will be run by Elijiah Waxwing, Senior Technologist at Calyx, who has been working on issues of digital justice since 2000.
Slide Deck: https://cryptpad.fr/file/#/2/file/45nkc6SV6q9P7x2lR1qxVGtg/
---
Notes
VPNs allow you to:
- Bypass censorship, prevent your Internet Service Provider (ISP) from surveilling you; hide your location from the server. This is important also because most state level surveillance is with the ISP. For example, if your countries government is surveilling you, they will contact (or possibly even own) the ISP you are using.
- To use a VPN secure, you must have a mental model of what it is doing, so you understand what it does and doesn't protect you from.
- Glossary of VPN terms can be found here: https://pad.riseup.net/p/vpn
- A VPN is like a teleportation device. It tells your ISP you are X when really you are in Y.
- When you tweet for example, there is the content and then the Metadata has three important pieces of info:
- date and time that you tweeted - source IP address (where you are tweeteing from) - destination IP (where your content is going to).
- when you tweet your data is traveling the internet through a series of tubes to reach the Twitter server. This is called Data in Motion. When it reaches twitter and its stored in the Twitter server, or any other database/server, this is called Data at Rest.
- There are 4 things you are really trying to protect of Data in Motion:
- Content (whether its your tweet or the article you are reading on NYT) - Timing - Source - Destination
PRO TIP, HTTPS (vs http) before a URL means that the content is protected when its traveling via the internet. Most websites now use HTTPS. However, there is a browser plugin you can use called HTTPS Everywhere (from EFF) which will put HTTPS on websites that dont have it. Highly recommend everyone have this browser plugin.
- Using a VPN puts your "Data in Motion" in a tube as it travels through the intenret, so its hiding your content and destination from the ISP. HOWEVER, the VPN you are using has this info. The destination of your data (like twitter server) will not know destination (where your tweet is coming from) if you are using a VPN.
- Limitations of VPN: Slower, you need to have trust in the VPN service you are using, only applies to network traffic; depending on your country, it may be illegal to use a VPN; it drains your batter; Entities can still traffic correlation to figure out who you are or where you are doing online.
- Why are VPNs good:
For surveillance: They protect data in motion(you sending a tweet) but does not protect data at rest (twitter server). For anti-censorship, if it works then all good.
- Choosing a VPN: You should know if they log your visits (ie, store the info of where you are going etc). Good VPNs dont log user info. Look at Leak prevention. Some VPNs leak data (https://browserleaks.com/ip Should be easy to use, have a proven track record, and does it obfuscate traffic.
- Examples of open source VPNs that are free: RiseupVPN, Lantern, Psiphon, CalyxVPN
- Examples of open source paid service: Mullvad, Mozilla.
- Tor creates much more privacy and security because it makes you much more anonymous. Only downside is that it usually makes the internet much slower.BUT offers much more protection.
Advanced Topis: - WireGuard vs OpenVPN - Forward Secrecy - Traffic Leaks / Kill Switch - Traffic Correlation