Using a VPN for Everything...

I recently moved to Mexico from California because my job was approved for 100% telecommuting and, since I can do that from anywhere, why not Mexico?

Unfortunately, for me, I chose to live in a town that's a bit out of the way -- between Rosarito and Ensenada, Puerto Nuevo sports DSL as the only means of internet access.  Buh-bye cable modems.

I've been toying with the idea of using a VPN as a gateway to my ISP simply because of the legislation that's cropping up recently that enables our respective (not respectable) governments to spy on the internet traffic of its citizens without due process.  And, I believe, this due process is a long time coming because this is (to the government) a new frontier whose sanctity has yet to be defined in the higher courts of law.  So, boys and girls, until that happens, Big Brother can pretty much do as they want.

And, they do.

Now, the prevailing argument that causes most of us to bleat our way through endless queues at airports waiting patiently for our turns to be molested is this: if you're not doing anything wrong, then why hide what you're doing?

Note that you'll normally hear the same thing from some street cop when he pulls you over and asks to search your car without a warrant; if you have nothing to hide, then why can't I search your car?   Well, it's a little thing called the Fourth Amendment to the Constitution (of the US)...

So the passive-aggressive kicks up in me and I consider installing a VPN so that no one can track what I do when I am online.  Never you mind that what I do is so damn boring and mind-numbingly dull (for a living, mind you) that there's only a small fraction of the existing population that would even understand the particulars, it's just the principle of the thing.

Same reason why I use DuckDuckGo for my search engine instead of Google.  Why?  Because DDG protects me by not linking my searches to my identity.  Google is infamous for rolling over, exposing your soft underbelly to anyone waving a law-enforcement letterhead demanding your emails and search and browser history from the beginning of time.  That same patriotic spirit that caused my forefathers to flip King George the finger is what still burns brightly in me today:  Because I can.

So, quick side note -- what's a VPN and why do I need one?

A VPN (virtual private network) is just that - it's a private network that exists within your existing network.

When you connect to the internet, through your ISP, you're establishing a network between your home machine(s) (also a network) and the internet (THE network).  All your requests are routed through your ISP and out to the 'net where their response is then filtered back to you.  An ISP, then, has the ability to know exactly what you request, when you request it, and how many requests you make.

An ISP can also filter and monitor your requests and can deny you access to certain internet-based resources based on the type, amount, or time of the activity.

For example, some ISPs throttle (reduce) your available bandwidth (the diameter of your data flow) if you exceed a set amount of data downloaded within a period of time.  You have "unlimited" bandwidth but the reality is, once you hit some arbitrary limit determined by the ISP, things get a lot slower for you.  Unfortunately, a VPN cannot help with this.  Data is data.

Some ISPs record and/or block your ability to transact certain types of data.  The most notorious example of this would be P2P or BitTorrent packets.  While a mainstay of the gray (or darker) areas of software licensing, there's a legitimate use for BitTorrent packets (Linux distros for one!) that should never be prevented from reaching your computer.  However, like most totalitarian regimes, your ISP may have an "all or nothing" policy with regard to filtering by packet types.

Another example of filtering is by content.  China is infamous for its firewall of profound social cluelessness, filtering all (what the ruling regime considers to be) subversive sites from being viewed willy-nilly by its population.

So, as you can see, ISPs wield a tremendous amount of power.  They can meter, view, and deny data packets based on their rules and how heavily influenced they are by corporations or governments.

VPN kind of takes you around all that by creating a private tunnel to what essentially is another ISP (network) allowing you to use the internet as dog himself intended: safely, securely, and without limits.

Allow me to explain...

When you connect to the internet, you establish a network (as I mentioned earlier) between your home machine (network) and your ISP (internet).   All subsequent requests are routed through your ISP and are subject to various levels of scrutiny and transcription.   Fine.

But, creating a VPN within your network basically does this:

  • establish a secure (encrypted) connection with your VPN provider
    • all data packets you send are directed to your VPN
    • all data packets you send to your VPN are encrypted
      • your ISP cannot decrypt the data in these packets; your ISP only knows that there are packets
  • all name-lookup (DNS) requests are sent to your VPN provider
    • address lookups happen on your VPN, not your ISP
      • your ISP does not know where you are going
  • all data requests are sent to your VPN provider, not your ISP
    • request fulfillments happen on your VPN, not your ISP
      • your ISP does not know what you are requesting or receiving
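
Whether those three properties actually hold depends on the connection profile you load. Tunnelblick is an OpenVPN client, so the sketch below (an added example, not from BolehVPN or the original post) reads an OpenVPN-style profile and reports what the file itself guarantees about routing and DNS, and which endpoint the ISP still sees. Both sample profiles are constructed; `vpn.example.net` and the `10.8.0.x` addresses are placeholders.

```python
# Constructed sample profiles; the host name and addresses are placeholders.
FULL_TUNNEL = """\
client
dev tun
proto udp
remote vpn.example.net 1194
redirect-gateway def1
dhcp-option DNS 10.8.0.1
"""

SPLIT_TUNNEL = """\
client
dev tun
# only the listed subnet uses the tunnel
remote vpn.example.net 443 tcp
route-nopull
route 10.8.0.0 255.255.255.0
"""

def parse(text):
    """Yield (directive, args) pairs, skipping blank lines and # / ; comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            yield name, args

def audit(text):
    """Report what the profile itself guarantees about routing, DNS and visibility."""
    opts = list(parse(text))
    names = {name for name, _ in opts}
    proto = next((a[0] for n, a in opts if n == "proto" and a), "udp")
    dns = [a[1] for n, a in opts if n == "dhcp-option" and len(a) > 1 and a[0].upper() == "DNS"]
    if "redirect-gateway" in names:
        routing = "all-traffic"         # client forces the default route into the tunnel
    elif "route-nopull" in names:
        routing = "listed-routes-only"  # server-pushed routes are refused: split tunnel
    else:
        routing = "server-decides"      # depends on what the server pushes at connect time
    if dns:
        resolver = "set-in-profile"     # resolver named by the profile
    elif "route-nopull" in names:
        resolver = "unchanged"          # pushed DNS options are refused too
    else:
        resolver = "server-decides"
    # The tunnel endpoint is the one thing the ISP always sees in the clear.
    endpoints = [(a[0], int(a[1]) if len(a) > 1 else 1194, a[2] if len(a) > 2 else proto)
                 for n, a in opts if n == "remote" and a]
    return {"routing": routing, "dns": resolver, "dns_servers": dns, "isp_sees": endpoints}
```

A result of `listed-routes-only` or `unchanged` means the "ISP does not know where you are going" bullet does not hold for that profile: lookups and most traffic still leave through the ISP.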

An analog analogy for this is a spy movie where someone gets one of those electronic voice scramblers -- the person making the phone call (you) attaches the scrambler (encryption) device to their phone, inputs some unique code, and calls (ISP connect) their contact (VPN) who attaches their scrambler and enters the same code so they can de-scramble your voice while scrambling their own.  The phone company knows that a call is being made, and how long the call lasts, and maybe even how much information is being transmitted, but they can't de-scramble or understand the conversation or know who's talking on the other end.

See?  This is what a VPN does.  But it's only one thing a VPN does.

When I moved to Mexico, for example and as I stated about a thousand words ago, I experienced an unintended consequence of exchanging an implicit .us domain for a .mx domain.  US-based web-sites detect that I am not of the US and re-direct my requests, they automatically translate my web pages into Espanyol (which I don't speak), or they convert dollars into Mexican pesos.

By using a VPN, I can imply that I am physically in the US, and avoid all that unpleasantness.  Plus I still get to "stick it to the man" (or hombre).

So, finally getting to the point, yesterday, I signed up for a seven-day trial offer with a VPN company called BolehVPN.  They use Tunnelblick as their delivery vehicle for connecting to their VPN.  This was OK with me because I already have Tunnelblick installed and use it for work.  All I needed to do was sign up for a trial account, create my account, give them about $4 US for the 7-day trial, and download and install the configuration files for Tunnelblick.

All this took about five minutes.

BolehVPN offers the following configurations:

  • Proxied - mainly used for P2P connections, servers are hosted in Europe
  • Fully-Routed - Secure P2P, anonymous surfing, and data security, servers in Europe and Canada
  • Surfing/Streaming - TCP and UDP for anonymous surfing and streaming content, servers are in the US and Hong Kong
  • TCP443 - HTTP protocol over TLS/SSL used for bypassing firewalls

What really sold me on this particular vendor, however, were these features:

  • no logging/monitoring of your traffic -- so even if they were hit with a disclosure order, they have nothing which ties traffic to you
  • compatibility with portable devices -- I had my iPad up on the VPN within seconds over my wireless
  • freedom to choose which VPN service best meets your needs at that time
  • Download speed reduction minimal - about 5%

Cons (so far):

  • some of their website configuration is out of date
  • forum data is dated
    • this could be a good thing -- service is so easy to use, no one posts questions!
  • Expensive - BolehVPN is almost 2x the cost of comparable VPN services

Will I sign with them for a year?

Probably not.  Based on cost alone, all things being equal, there's a lot of competition in the VPN services.  As such, if I can find a competing service that has the same performance as BolehVPN, then I'll probably sign with the other service and save myself about $40/year.

That's about it...hope this helped you understand why a VPN is important and if you decide you need one, what your next steps are.