VPNs help enable users working at home, on the road, or at a branch office to connect in a secure fashion to a remote corporate server using the Internet. From the users perspective, the VPN is a point-to-point connection between the user's computer and a corporate server. The nature of the intermediate network, the Internet, is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.
There are lots of good reasons why you need a VPN. The most obvious is that routing your traffic through an encrypted tunnel means it is much harder for people on the same network as you—say, at a coffee shop—to snoop on your activities. If the person who owns the network is a bad guy, spying on your activity and hoping to snatch a password or two, they'll also be foiled by a VPN. This also protects against a lot of other scary scenarios, like DNS poisoning. With that kind of attack, you type in a legitimate website URL but are forwarded to a phishing site designed to steal your information.
When it comes to VPNs, however, speed is one of the most difficult factors to accurately quantify. We always run speed tests as empirically as possible when we review a VPN provider, but the fact of the matter is that the fastest VPN for where you live is not necessarily the fastest VPN for where I live. The fastest VPN for streaming video might not be the speediest for online gaming. Even the fastest VPN service at noon probably isn’t the quickest at midnight.
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is an encrypted authentication mechanism very similar to CHAP. As in CHAP, the NAS sends a challenge, which consists of a session ID and an arbitrary challenge string, to the remote client. The remote client must return the user name and an encrypted form of the challenge string, the session ID, and the MD4-hashed password. This design, which uses the MD4 hash of the password, helps provides an additional level of security because it allows the server to store hashed passwords instead of clear-text passwords or passwords that are stored using reversible encryption. MS-CHAP also provides additional error codes, including a password-expired code, and additional encrypted client-server messages that permit users to change their passwords during the authentication process. In MS-CHAP, both the client and the NAS independently generate a common initial encryption key for subsequent data encryption by MPPE.
You can pay for a Windscribe subscription with bitcoin, and you don't even have to provide an email address. The service is based in Canada, which may appeal to users wary of U.S. authorities. The only feature lacking is a kill switch to stop all internet activity if the VPN connection is lost while in use, but Windscribe argues that its built-in firewall prevents data leakage.
When choosing a VPN server, take these factors into consideration. VPNs are subject to the same peak-versus-average conundrum as everyone else. If possible, choose a VPN server in a time zone that’s in off-peak hours. Some VPN apps have built in speed tests or show the current server load in real time, which can give you an indication of whether you’ll be able to max out your allotted download speed.
You want to skip PPTP if at all possible. It’s a very dated protocol that uses weak encryption and due to security issues should be considered compromised. It might be good enough to secure your non-essential web browsing at a coffee shop (e.g. to keep the shopkeeper’s son from sniffing your passwords), but it’s not up to snuff for serious security. Although L2TP/IPsec is a significant improvements over PPTP, it lacks the speed and the open security audits found with OpenVPN.
Trust and transparency issues are the foremost concerns in choosing a great VPN, and if a service doesn’t have enough locations to be useful to you, all the security features won’t make a difference. But after those concerns have been satisfied, we recommend that most people use connections based on the OpenVPN protocol, because of security flaws and disadvantages in the PPTP and L2TP/IPsec protocols. (Experienced users may consider IKEv2, but because it has its own debated pros and cons, we ruled it out.) Though AES 128-bit encryption is fine for most purposes, we prefer services that default to the more-secure 256-bit encryption and still offer good performance.
A Mozilla executive says Google’s redesign has made YouTube slower on Firefox and Edge. Chris Peterson, the software community’s technical program manager, tweeted on Tuesday that the video sharing site loads at a fifth of the speed on non-Chrome browsers due to its architecture, as first reported by Sofpedia. “YouTube’s Polymer redesign relies on the deprecated Shadow DOM v0 API only implemented in Chrome,” he wrote. “YouTube serves a Shadow DOM polyfill to Firefox and Edge that is, unsurprisingly, slower than Chrome’s native implementation.
The biggest advantage of RIP is that it is extremely simple to configure and deploy. The biggest disadvantage of RIP is its inability to scale to large or very large networks. The maximum hop count used by RIP routers is 15. Networks that are 16 hops or more away are considered unreachable. As networks grow larger in size, the periodic announcements by each RIP router can cause excessive traffic. Another disadvantage of RIP is its high recovery time. When the network topology changes, it might take several minutes before the RIP routers reconfigure themselves to the new network topology. While the network reconfigures itself, routing loops might form that result in lost or undeliverable data.
But even if you know who’s behind your VPN, you shouldn’t trust a free one. A free service makes you and your data the product, so you should assume that any information it gathers on you—whether that’s an actual browsing history or demographics like age or political affiliation—is being sold to or shared with someone. For example, Facebook’s Onavo provides an encrypted connection to Onavo’s servers like any VPN, shielding you from the prying eyes of your ISP or fellow network users. But instead of promising not to examine, log, or share any of your traffic, Onavo’s privacy policy promises the opposite. Covering the service, Gizmodo sums it up well: “Facebook is not a privacy company; it’s Big Brother on PCP.” Facebook collects information about your device, other applications you use, and even “information and other data from your device, such as webpage addresses and data fields.” And the company “may combine the information, including personally identifying information, that you provide through your use of the Services with information about you we receive from our Affiliates or third parties for business, analytic, advertising, and other purposes.” That means Facebook can collect anything it wants, and sell it to anyone it wants.
A firewall uses packet filtering to allow or disallow the flow of specific types of network traffic. IP packet filtering provides a way for administrators to define precisely what IP traffic is allowed to cross the firewall. IP packet filtering is important when private intranets are connected to public networks, such as the Internet. There are two approaches to using a firewall with a VPN server:
CyberGhost’s popular free tier might not offer amazing speeds, but its paid Pro tier is a real contender.  It proved to be both quick and consistent in our speed tests. An “extra speed” feature can be toggled before you connect for an extra boost. Setup and use are novice-friendly, and live chat with customer support is available if you need a hand. Military grade encryption ensures all your data is safely tunneled to the VPN server, and CyberGhost does not store any logs of user activity or other identifiers.
Layer Two Tunneling Protocol (L2TP) is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. Rather than having two incompatible tunneling protocols competing in the marketplace and causing customer confusion, the Internet Engineering Task Force (IETF) mandated that the two technologies be combined into a single tunneling protocol that represents the best features of PPTP and L2F. L2TP is described in RFC 2661 in the IETF RFC Database.
It is also possible (emphasis on "possible") that VPNs may be able to save net neutrality repeal. Kind of. For those who are unaware, net neutrality is the much-discussed concept that ISPs treat web services and apps equally, and not create fast lanes for companies that pay more, or require consumers to sign up for specific plans in order to access services like Netflix or Twitter. Depending on how ISPs respond to a newly deregulated environment, a VPN could tunnel traffic past any choke points or blockades thrown up by ISPs. That said, an obvious response would be to block or throttle all VPN traffic. We'll have to see how this plays out.
×