For someone who’s just about to start using a VPN, can anyone suggest a link to a set of “best practices” that a person should follow when using it?
For example, I don’t know if there may be stuff on my PC already, that even if I use a VPN, it’s ability to protect my privacy might be reduced/eliminated because of those things. (ie. cookies, automatic logins, etc). Is there basic housekeeping, for lack of a better term, that a person should employ before activating, and while generally using, a VPN service?
Thanks
A VPN hides your IP. Only you can hide you. For example, if you log into Reddit without a VPN and then with it, you aren’t anonymous to Reddit, as you tied your pseudonym to both IPs. If you only used Reddit on the VPN but linked an email or the same user name without it, then you aren’t fully anonymous. Generally this is something people don’t care about and will sacrifice convenience for privacy. The VPN still offers other benefits.
VPNs fail, servers go down; if your VPN disconnects then your IP will be exposed. If all you are doing is switching between Netflixes you probably won’t care. If you want to hide your IP from applications or the computer as a whole (e.g. you torrent and don’t want your ISP’s IP exposed to peers) then you need to set up a fail-safe. Some VPN clients have this as killing an app process when the connection goes down. A much better approach is a system-wide fail-safe where all internet traffic is halted if the VPN goes down. This also means that if the VPN client fails, the fail-safe still functions.
You can use OpenVPN on all platforms (Windows, Mac, Linux, Android, iOS, DD-WRT, pfSense). Your VPN doesn’t need an app because you can just download any OpenVPN client. Usually you need to download this. Some OSs support VPNs natively, however usually not the OpenVPN protocol (which is best). Never use PPTP for VPN; it is insecure and broken. L2TP/IPsec is still considered secure but OpenVPN is the preferable protocol.
Never use a 1024-bit key for key exchange. Use at minimum a 2048-bit key. For encryption use AES128 (faster) or AES256 (more secure). Other ciphers can be used but AES is the good and secure one.
If you want privacy, only use private browsing/incognito. The big reason here is cookies. Cookies can be used to correlate activity between different browser sessions and IPs. The NSA even identifies this as a way to deanonymize users in their PowerPoint “Tor Stinks”.
If you want added privacy, just in general (and applicable to VPN users), install the browser add-on HTTPS Everywhere and a script blocker (NoScript, for example). This is because JavaScript compromises security and privacy.
I see your questions; however, if you are a little more specific in what you are attempting to accomplish, we will be able to provide better advice. People use VPNs for a variety of reasons.
Some people advocate specifically disabling IPv6 and using only IPv4. I can’t remember why exactly, but it might be worth looking into.
If you are concerned about things already being on your computer BEFORE you install a VPN, then wipe it and move on with life.
This forum started to seem like it was for people that were above a level 1 helpdesk role. It does not anymore.
Super good stuff! I upvoted it and had to post as well to say super job of describing it.
Thank you very much for your detailed and thoughtful post. What you’ve written is exactly along the lines of what I was wondering.
Is the system-wide fail-safe you refer to something that’s built into the VPN program, or another app I should be looking at to work in conjunction with the VPN?
Thank you for your time.
Thank you. This is exactly the kind of thing I was getting at.
That only reveals your local IP, not your actual IP address given by your ISP.
I disabled my IPv6 because my VPN provider didn’t have DNS leak protection for IPv6 yet. So if you keep that enabled, your DNS may still be leaking through IPv6, even though you are connected with your VPN.
A system-wide fail-safe is effectively accomplished with a stable, reliable firewall. You set the firewall to permit traffic only on the virtual VPN network interface and to block all traffic on the non-VPN interfaces. By allowing traffic only to the IP addresses of the VPN server on the non-VPN interface, it allows for a connection to be established to the VPN when the firewall is turned on. If this is not the case then you would need to turn off the firewall to connect to the VPN and then turn it back on.
It’s easy to set up a fail-safe this way on Linux using UFW. On Windows, though, all firewalls I have encountered are more user friendly and have a do-everything-automatic attitude, so they don’t allow you to configure them in such a way as to set up rules for each network interface. I would think there are some out there (probably more corporate-oriented firewalls) that allow for an easy fail-safe on Windows. I’m sure you can find some apps that do this as well. As I said though, you shouldn’t rely on a fail-safe built into the VPN client, as the VPN client might crash. If so, the connection drops and so does the fail-safe. By using a different app for the fail-safe it allows a layer of redundancy, as the fail-safe will still work if the VPN app crashes.
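One way to build the UFW-based fail-safe described above, as an added example rather than code from anyone in this thread; the VPN server address, port, tunnel interface and LAN range are constructed placeholders:

```shell
#!/bin/sh
# Added example (not from the thread): generate UFW rules for a system-wide
# VPN fail-safe on Linux: deny everything by default, allow only the tunnel
# handshake on the physical interface, allow all traffic on the tunnel itself.
# Constructed sample values: VPN server 203.0.113.10, OpenVPN on UDP 1194,
# tunnel interface tun0, LAN 192.168.1.0/24. The rules are printed rather than
# applied so they can be reviewed first; apply with:
#   vpn_killswitch_rules 203.0.113.10 1194 udp tun0 192.168.1.0/24 | sudo sh

# Crude IPv4 check: four numeric fields, each 0-255. A hostname is rejected on
# purpose: with outgoing traffic denied, DNS cannot resolve it before the tunnel
# is up, so the OpenVPN "remote" line must carry the IP address as well.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
}

vpn_killswitch_rules() {
    vpn_server=$1; vpn_port=$2; vpn_proto=$3; tun_if=$4; lan=$5
    if ! is_ipv4 "$vpn_server"; then
        echo "vpn_server must be an IPv4 address, not a hostname: $vpn_server" >&2
        return 1
    fi
    cat <<EOF
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
# LAN (router, printer) stays reachable; drop this line for a stricter setup
ufw allow out to $lan
# The only traffic allowed on the physical interface: the VPN handshake itself
ufw allow out to $vpn_server port $vpn_port proto $vpn_proto
# Everything else, DNS included, must leave through the tunnel interface
ufw allow out on $tun_if from any to any
ufw enable
EOF
}
```

With IPV6=yes in /etc/default/ufw (the Ubuntu default) the deny defaults apply to IPv6 as well, which also closes the IPv6 DNS leak mentioned earlier in the thread.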
The Chrome extension is called WebRTC Block
That’s it!
I knew I’d read something like that somewhere…