How to balance security and user needs when choosing a VPN service provider

The VPN field is provider-rich, and the offerings vary considerably. Consider these important factors and your use case when selecting a VPN service provider.

Best practices for protecting your company's sensitive data

The virtual private network (VPN) service provider market is nothing if not crowded, which makes picking a provider a difficult process. Whether you intend to use your VPN for added security when using free Wi-Fi networks, trying to shield your internet use from your ISP, or aiming to circumvent geographical restrictions when traveling, how you want to use a VPN should influence what service provider you choose.

SEE: VPN usage policy (Tech Pro Research)

For the sake of security and continuity, choosing a provider that allows multiple active connections to accommodate all your connected devices--computers, smartphones, tablets, etc.--is advisable. Most providers offer three to five connections in their basic tier.

It is also important to consider potential security risks of DNS leaks. While all VPN services route traffic through their servers, if the DNS lookups for the websites you visit are still routed through your ISP, it is possible for your ISP to determine what websites you are browsing, defeating the purpose entirely.

VPN services are free to make claims in their advertising of "no logging," but the reality is usually quite different. VPN providers with bandwidth caps necessarily must log used bandwidth to enforce the caps. Many VPN providers that claim they don't log user activity still retain login information (IP address, user agent, etc.) for their customer portal.

SEE: Comparison chart: VPN service providers (Tech Pro Research)

In addition, the absence of logging does not preclude a service provider from monitoring network activity in real time. Some level of monitoring is ultimately necessary for engineers to identify server loads so they can determine excessive strain on the network and plan for expansion. Ultimately, whether a provider actually logs user activity is not auditable by end users, making it a question of trustworthiness. If you're particularly security conscious, it may be advisable to ensure that your provider is located in a region outside intelligence cooperatives, such as Five Eyes (or the expanded Fourteen Eyes), so that they can't be compelled to turn over user activity to investigative authorities.

SEE: How to quickly deploy an OpenVPN server (TechRepublic)

If you intend to use a VPN to circumvent geographical restrictions, some caution is necessary depending on the services you plan to use while connected to a VPN. Although websites like banks are unlikely to ban IP addresses connected to VPNs, video streaming services such as Netflix have been cracking down on VPN use. Because multiple users share the same resources--including IP addresses--of VPNs, it is possible for service providers to identify an abnormally high number of users connecting from one IP address, which is subsequently blacklisted.

While the typical disclaimer of "Users should not roll their own encryption" still applies, if geolocation masking for streaming services is the primary goal, it may be more advisable to use a cloud hosting provider such as DigitalOcean or Vultr to set up your own instance of an OpenVPN server--which would necessarily have a static, non-shared IP address and make it more difficult to detect as a VPN. That said, researchers at Carleton University have devised a method that analyzes the location of a given internet user by observing delays in packet delivery, which may limit the efficacy of VPNs to circumvent geographical restrictions in the future.

Also read...


virtual private network