Difference between revisions of "Protecting your Privacy"
(More on router configuration) |
(→Choosing a VPN service: added section on protocols) |
||
Line 25: | Line 25: | ||
This should be your first step in improving your internet security. Your ISP is capable of logging all of the internet traffic that passes in/out of your house, whether you are browsing the web, torrenting sites, making SSH connections to remote servers, it all passes through your modem and the connection your ISP provides. As of writing there are [https://www.gov.uk/government/publications/draft-investigatory-powers-bill proposals in the draft Investigatory Powers Bill] by the UK Government to force ISPs to log a years worth of customers browsing habits at the level of the domain you visit (i.e. http://www.bbc.co.uk/ but not http://www.bbc.co.uk/news). By using a VPN your ISP only sees you making a connection to the VPN and not what you then subsequently browse whilst connected to the VPN. | This should be your first step in improving your internet security. Your ISP is capable of logging all of the internet traffic that passes in/out of your house, whether you are browsing the web, torrenting sites, making SSH connections to remote servers, it all passes through your modem and the connection your ISP provides. As of writing there are [https://www.gov.uk/government/publications/draft-investigatory-powers-bill proposals in the draft Investigatory Powers Bill] by the UK Government to force ISPs to log a years worth of customers browsing habits at the level of the domain you visit (i.e. http://www.bbc.co.uk/ but not http://www.bbc.co.uk/news). By using a VPN your ISP only sees you making a connection to the VPN and not what you then subsequently browse whilst connected to the VPN. | ||
+ | |||
+ | === Protocols === | ||
+ | |||
+ | There are three main protocols you might encounter when using VPN | ||
+ | |||
+ | ^ Protocol ^ Encryption ^ Description ^ | ||
+ | | PPTP | MPEE 128 BIT | Oldest and most widely used, built into a lot of software making it simple to use. | | ||
+ | | IPSec | 128 BIT | Designed for OSX/iOS its heavy on you CPU but is built into the OS and therefore simple. | | ||
+ | | OpenVPN | 256-bit | The strongest encryption and very widely used. **Recommended** | | ||
=== Choosing a VPN service === | === Choosing a VPN service === |
Revision as of 07:42, 12 November 2015
Contents
Internet Security
Its a big deal these days, whether its companies tracking your browsing habits to serve up adverts or the government trying to snoop on your activity under the bullshit pretense that it protects you from 'terrorists', when in reality its an infringement on Article 12 of the UN Universal Declaration of Human Rights which states…
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks"
…there are any number of reasons you might wish to improve the security and way in which you use the Internet. Its a big topic, so I've made these notes as I fumble my way through the process in the hope they are useful to others.
Overview and Definitions
A lot of new terms…
- Certificates documents issued by VPN providers to users allowing them to connect securely to their network.
- Free Open Source Software (FOSS) software that anyone is freely licensed to use, copy, study, and change in any way and for which the source code is available.
- Gateway] a server through which you connect from one network to another.
- Internet Protocol Security (IPsec)] is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each communication session.
- Internet Service Provider (ISP) is who you pay for an internet connection. Sometimes this will be whoever you have your mobile phone with.
- OpenVPN Free Open Source Software (FOSS) implementing Virtual Private Network (VPN).
- Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks.
- TOR is a network that anonymoises your browsing by routing it through a network of public servers.
- Virtual Private Network (VPN) is a private network that you can connect to over the internet. Traffic then passes between you and the private network without anyone in between being able to see what is passing between you. This in essence means you appear to be located wherever the VPN server is physically located.
Virtual Private Networks (VPN)
This should be your first step in improving your internet security. Your ISP is capable of logging all of the internet traffic that passes in/out of your house, whether you are browsing the web, torrenting sites, making SSH connections to remote servers, it all passes through your modem and the connection your ISP provides. As of writing there are proposals in the draft Investigatory Powers Bill by the UK Government to force ISPs to log a years worth of customers browsing habits at the level of the domain you visit (i.e. http://www.bbc.co.uk/ but not http://www.bbc.co.uk/news). By using a VPN your ISP only sees you making a connection to the VPN and not what you then subsequently browse whilst connected to the VPN.
Protocols
There are three main protocols you might encounter when using VPN
^ Protocol ^ Encryption ^ Description ^ | PPTP | MPEE 128 BIT | Oldest and most widely used, built into a lot of software making it simple to use. | | IPSec | 128 BIT | Designed for OSX/iOS its heavy on you CPU but is built into the OS and therefore simple. | | OpenVPN | 256-bit | The strongest encryption and very widely used. **Recommended** |
Choosing a VPN service
There are lots to choose from, I'm no expert, so read this detailed article (2014 version) on TorrentFreak who asked a whole host of VPN services to describe their approach to anonymity. A few shortlisted ones to check out are...
...but read the TorrentFreak article and the current policies on the providers website and decide for yourself, as prices and policies can vary over time.
Router Configuration
If you configure your router/modem to use the VPN then any device connected to your home network automatically will have everything routed through the VPN. This has Pros and Cons, on the up side it means you don't have to mess around enabling the VPN connection on each device and starting/stopping it. On the downside it might mean you can't view certain geographically restricted services such as BBC iPlayer if the VPN gateway you use is outside the UK, but on the flipside this might be an advantage if for example you wanted to view films that are only available on US Netflix and not on UK Netflix.
There is a lot of variation in router hardware, most people use those provided by their ISP and are quite likely to find that the supplied router does not support establishing VPN connections (e.g. VirginMedia's SuperHub). You'll most likely need to buy a new router and relegate the ISP one to modem (although choose wisely and you can replace the ISPs router completely). Even then the firmware on the router might not support VPN connections, but all is not lost since FOSS alternatives are available in the form of OpenWRT and DD-WRT that you can flash your router with. If either of these supports a router you have lying around your in business, follow their installation instructions for the model of router you have. If not and you are buying a new router you might want to consider whether it is supported by either of these distributions.
Both distributions have a lot of information on VPN written by people who know far more about networking than this author. You will want to read sections on setting up the router as a client rather than a server since you are unlikely to want to setup your own VPN (unless of course you wish to establish a secure and private connection to your home network whilst away from home).
ToDo At present the modem/router I use is pretty crap and doesn't allow you to do this configuration so I am not covering how to do this at present.