HTTPS is a powerful tool that everyone should use because it helps keep sensitive browsing private at no extra cost to the people using it. But like most security standards, it has its own problems too. That little lock icon in your browser bar, which indicates the HTTPS connection, relies on a certificate “signed” by a recognized authority. But there are hundreds of such authorities, and as the EFF says, “the security of HTTPS is only as strong as the practices of the least trustworthy/competent CA [certificate authorities].” Plus, there have been plenty of news stories covering minor and even major vulnerabilities in the system. Some security professionals have worried about those least-competent authorities, spurring groups to improve on the certificate standards and prompting browsers to add warnings when you come across certificates and sites that don’t withstand scrutiny. So HTTPS is good—but like anything, it isn’t perfect.
The RADIUS server receives a user-connection request from the VPN server and authenticates and authorizes the connection attempt. In addition to a yes or no response to an authentication request, RADIUS can inform the VPN server of other applicable connection parameters for this user such as maximum session time, static IP address assignment, and so on.
What's even scarier is the news that Hola, in certain instances, sells its users' bandwidth through a sister company. What that means, the safety experts say, is that if you're using Hola, your computer—working as an endpoint connection for other Hola users—could even be sold to shady characters for questionable or even illegal purposes as they try to stay anonymous on the Internet.
Two networks can be connected over an intranet using a site-to-site VPN connection. This type of VPN connection might be necessary, for example, for two departments in separate locations, whose data is highly sensitive, to communicate with each other. For instance, the finance department might need to communicate with the human resources department to exchange payroll information.
If you’re seriously concerned about government surveillance—we explain above why that should be most people’s last consideration when choosing a VPN—some expert sites like privacytools.io recommend avoiding services with a corporate presence in the US or UK. Such experts warn about the “14 eyes,” a creepy name for a group of countries that share intelligence info, particularly with the US. IVPN is based in Gibraltar, a British Overseas Territory. We don’t think that makes you any worse off than a company based in Switzerland, Sweden, or anywhere else—government surveillance efforts around the world are so complicated and clandestine that few people have the commitment, skills, or technology to avoid it completely. But because Gibraltar’s status has been a topic of debate in other deep dives on VPNs, we’d be remiss if we didn’t mention it.
Tunneling protocols such as PPTP and L2TP are implemented at the data-link layer of the Open Systems Interconnection (OSI) reference model and provide data security by helping to create secure tunnels. In contrast, the IPSec protocol is implemented at the network layer and helps secure data at the packet level. IPSec provides two security protocols: Authentication Header (AH) and ESP.
Most VPN services allow you to connect up to five devices with a single account. Any service that offers fewer connections is outside the mainstream. Keep in mind that you'll need to connect every device in your home individually to the VPN service, so just two or three licenses won't be enough for the average nested pair. Note that many VPN services offer native apps for both Android and iOS, but that such devices count toward your total number of connections.
With Kodi, you can access your media over a local connection (LAN) or from a remote media server, if that's your thing. This is, presumably, where concerns about VPN enter the picture. A device using a VPN, for example, will have its connection encrypted on the local network. You might have trouble connecting to it. Using Chromecast on a VPN device just doesn't work, for example. Kodi users might have the same issue.
VPN protocol: We always recommend users avail of OpenVPN when available, as it is the most secure and open-source protocol available. You may, however, opt for a speedier protocol. IKEv2 is secure and works well especially with mobile data connections. You might or might not notice a difference with L2TP/IPSec or SSTP, depending on your device hardware. PPTP is generally regarded as the fastest, but has known security flaws that make it unsuitable for anyone who values their privacy.
Trusting a VPN is a hard choice, but IVPN's transparency goes a long way toward proving that its customers' privacy is a priority. Founder and CEO Nick Pestell answered all of our questions about the company's internal security, and even described the tools the company uses to limit and track access to secure servers. IVPN goes further than the other leading candidates we considered by being transparent about who runs the service and who is responsible for your privacy.
It is also possible (emphasis on "possible") that VPNs may be able to save net neutrality repeal. Kind of. For those who are unaware, net neutrality is the much-discussed concept that ISPs treat web services and apps equally, and not create fast lanes for companies that pay more, or require consumers to sign up for specific plans in order to access services like Netflix or Twitter. Depending on how ISPs respond to a newly deregulated environment, a VPN could tunnel traffic past any choke points or blockades thrown up by ISPs. That said, an obvious response would be to block or throttle all VPN traffic. We'll have to see how this plays out.