VPN – So what do I look for from my VPN?
In the UK, we have the Snoopers Charter, which means the ISP stores your browsing habits for 1 year. Unfortunately BT will hand over all the sites you’ve visited under a court order, which could easily be obtained by divorce lawyers, benefit agents and the tax man.
Think of your VPN as an agent – it keeps lawyers away.
It’s vital that the VPN keeps no server logs. If the police seized a server and it has your IP logged, then you’re in trouble. Torrentfreak provide an annual list of those providers who do no log. Use this as your starting point.
No Court orders.
Ensure that the VPN has never complied with a court order. If the VPN is set up correctly, the provider should be unable to comply, as they will not have the data.
If the VPN has complied with court orders – give them a miss.
You’re looking for OpenVPN. Never use anything else.
Especially do not use the Windows 7 client VPN. **Warning – M$ co-operate with any and all government agencies.. I’ve heard them boast at conferences about this. The presenter really thought he was clever, and didn’t for one minute suspect a privacy person would be at that conference.
RSA Key size
Ideally we want RSA 4096. Remember that the EU ENISA report recommended RSA 4096 at a minimum, and moving forward look for RSA 16k, when software allows it (its not built into software, but this gives us a heads up that RSA 2048 is not acceptable).
If you want access to BBC Iplayer, then they’ll need a UK IP.
Your VPN needs to provide a number of countries, so that you can switch easily. IVPN offer 12 countries, NordVPN offer 41 countries. Don’t use UK/USA exit nodes for torrents – use a European exit node (usually the Netherlands is a good choice).
This hides the OpenVPN traffic, so that China and other state authorities can’t detect your VPN. Without this tool, deep packet inspection will find OpenVPN traffic – and in some countries that could prove dangerous.
There are only 2 VPN providers that offer this tool called obfsproxy – NordVPN and IVPN.
WEBRTC – VPN Leak
Check your VPN isn’t leaking with this tool – my results are shown below.
This should show your internal IP (assigned by the OpenVPN client – in my case it’s 10.8.20.18), and the public IP for the OpenVPN server – which is 126.96.36.199. At no time is my REAL ip from my ISP revealed, or my internal network IP eg 192.168.1.1 – as shown.